Did something similar using the smaller version of Splunk (500 meg) - stuck with a single server, but created dashboards inside Splunk to split the appropriate alerts. Something to think about.
On Oct 19, 9:27 am, Sherman Butler <[email protected]> wrote:
> I'm wondering if it's possible to have multiple instances of server or client
> running on the same host? Systems are x86 Intel running x86 Solaris, no
> Windows systems involved.
>
> We have two different groups of people using OSSEC for different issues. One
> group are the system admins and just want to see the basic system alerts and
> errors that are logged through syslog, the other group is the application
> admins and they want to see the error messages from their applications which
> also log to syslog. The problem is the number of application messages making
> it into syslog and therefore to OSSEC make it very difficult to pick out the
> relevant alerts the system admins would like to see.
>
> We thought if we could set up two instances of server and client we could
> separate the differing requirements. Anyone know if this is possible?
>
> Sherman Butler
