On Thu, 20 Oct 2011 15:44:01 -0300, Daniel Cid wrote:
> I agree. Maybe something simple to list the status of the agents, the current syscheck/rootcheck information and a few more things that are OSSEC-specific.

If the raw OSSEC logs (in the archives.log file) were made to be syslog-compliant, or if the raw logs could be an output option of ossec-csyslogd (instead of only alerts), that would open a lot of options. Then one could easily use OSSEC to send all events to one of many good syslog GUIs or SIEMs and be able to use OSSEC for transport of raw logs and analysis.
-- Michael Starks [I] Immutable Security http://www.immutablesecurity.com
