On 10/26/2011 07:15 AM, carlopmart wrote:
b) Ability to use agent collectors. For example for remote locations, one server acts a collector for a remote LAN and forwards all alerts, logs, etc to the central OSSEC server.
You should be able do this now. Install a manager in one of your downstream locations, then install a client on the same box. Point it to the alerts.log of the manager. I think the only problems you will have are with active response and perhaps the upstream logs will look like they all came from the manager, instead of the individual agents.
c) That there is the ability to store events, alerts, etc on the client side for example during seven days until the central OSSEC server is restored due to a failure.
This is supposed to work now, but I don't think it does.
