Hi, Jeremy, Since the OSSEC will be installed on the same server as the Apache server, I thought OSSEC would use too much processing. Do you think that this would be a problem? The OSSEC "server" is gonna check the whole traffic - and it is a heavy traffic - , so it is going to use the CPU, a lot.
It's going to be a Linux box, in the beginning, otherwise I'll use a FreeBSD. Thanks for the reply, Tom 2011/11/11 Jeremy Lee <[email protected]> > I think it's a great idea - I'm assuming this is a Linux box? You can > setup OSSEC to monitor the Apache logs and utilize active response to ward > off potential abusers. Some time up-front will need to be spent tuning the > rules, etc but it's well worth it. > > If you have another web server (or more) for load balancing, you'd > actually want OSSEC setup in a server-agent configuration, with an agent on > each web server reporting to the central OSSEC server. That way you'll be > able to correlate across all web servers. > > > Hope that helps. > > > --Jeremy > > > On Thu, Nov 10, 2011 at 8:22 PM, Tom Mostard <[email protected]>wrote: > >> Hi, folks, >> >> I've got a newbie question, I hope someone can say something about it. >> >> I'm planning to put out a web server (running Apache) which is gonna have >> a heavy load of traffic. >> And I'm wondering about installing OSSEC on this server. >> What do you guys think about it? >> >> In the future, I'm gonna have another web server for load balance. >> Should I install OSSEC on the both server, or should I think about >> another architectural design? >> >> Thanks, >> >> Tom >> > >
