I'm wondering if it's possible to have multiple instances of server or client running on the same host? Systems are x86 intel running x86 Solaris, no windows systems involved.
We have two different groups of people using OSSEC for different issues. One group are the system admins and just want to see the basic system alerts and errors that are logged through syslog, the other group is the application admins and they want to see the error messages from their applications which also log to syslog. The problem is the number of application messages making it into syslog and therefore to OSSEC make it very difficult to pick out the relevant alerts the system admins would like to see. We thought if we could set up two instances of server and client we could separate the differing requirements. Anyone know if this is possible? Sherman Butler
