On 10/27/2011 01:55 AM, Michael Starks wrote:
On 10/26/2011 07:15 AM, carlopmart wrote:
b) Ability to use agent collectors. For example for remote locations,
one server acts a collector for a remote LAN and forwards all alerts,
logs, etc to the central OSSEC server.
You should be able do this now. Install a manager in one of your
downstream locations, then install a client on the same box. Point it to
the alerts.log of the manager. I think the only problems you will have
are with active response and perhaps the upstream logs will look like
they all came from the manager, instead of the individual agents.
But I need active-response working for some clients ...
c) That there is the ability to store events, alerts, etc on the client
side for example during seven days until the central OSSEC server is
restored due to a failure.
This is supposed to work now, but I don't think it does.
I have tried on my OSSEC installation, and all alerts are lost if the
server is not available after several retries.
--
CL Martinez
carlopmart {at} gmail {d0t} com
