On 10/26/2011 01:00 PM, Michael Starks wrote:
List the most annoying bugs. What makes OSSEC difficult to use? What is
the biggest area for improvement? What are we missing? Any rules fp too
much? Now is the time to get it all out.
--
Michael Starks
[I] Immutable Security
http://www.immutablesecurity.com
IMHO, there are some improvements that need to be implemented in OSSEC:
a) Ability to be installed on cluster systems, like RHCS (RedHat Cluster
Suite) or Pacemaker/Corosync.
b) Ability to use agent collectors. For example, for remote locations,
one server acts as a collector for a remote LAN and forwards all alerts,
logs, etc. to the central OSSEC server.
c) The ability to store events, alerts, etc. on the client
side, for example for seven days, until the central OSSEC server is
restored after a failure.
......
--
CL Martinez
carlopmart {at} gmail {d0t} com