I think it's a great idea - I'm assuming this is a Linux box? You can setup OSSEC to monitor the Apache logs and utilize active response to ward off potential abusers. Some time up-front will need to be spent tuning the rules, etc but it's well worth it.
If you have another web server (or more) for load balancing, you'd actually want OSSEC setup in a server-agent configuration, with an agent on each web server reporting to the central OSSEC server. That way you'll be able to correlate across all web servers. Hope that helps. --Jeremy On Thu, Nov 10, 2011 at 8:22 PM, Tom Mostard <[email protected]> wrote: > Hi, folks, > > I've got a newbie question, I hope someone can say something about it. > > I'm planning to put out a web server (running Apache) which is gonna have > a heavy load of traffic. > And I'm wondering about installing OSSEC on this server. > What do you guys think about it? > > In the future, I'm gonna have another web server for load balance. > Should I install OSSEC on the both server, or should I think about another > architectural design? > > Thanks, > > Tom >
