Please excuse my ignorance. I'll take notes. :)

On Wed, Oct 26, 2011 at 8:15 AM, carlopmart <[email protected]> wrote:
> On 10/26/2011 01:00 PM, Michael Starks wrote:
>>
>> List the most annoying bugs. What makes OSSEC difficult to use? What is
>> the biggest area for improvement? What are we missing? Any rules fp too
>> much? Now is the time to get it all out.
>>
>> --
>> Michael Starks
>> [I] Immutable Security
>> http://www.immutablesecurity.com
>
> IMHO, there are some improvements that need to be implemented in OSSEC:
>
> a) Ability to be installed on cluster systems, like RHCS (RedHat Cluster
> Suite) or Pacemaker/Corosync.
>

What is inadequate with the current system in a clustered environment?
I probably just don't know enough about how these clusters operate,
but what needs to change in OSSEC?

> b) Ability to use agent collectors. For example, for remote locations, one
> server acts as a collector for a remote LAN and forwards all alerts, logs, etc.
> to the central OSSEC server.
>

Alerts are easy now, logs are harder. I like the idea.

> c) The ability to store events, alerts, etc. on the client side,
> for example for seven days, until the central OSSEC server is restored due
> to a failure.
>
> ......
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
