On Nov 10, 2011, at 9:16 PM, Tom Mostard wrote: > The OSSEC "server" is gonna check the whole traffic
OSSEC won't check network traffic like an Intrusion Detection System (snort) or Web Application Firewall (mod_security). It will monitor your Apache logs for known web attacks. As recommending, it's best to just install the agent. Since your webserver is exposed directly to the internet, I recommend increasing the frequency of syscheck. A lot can happen in 86400 seconds. I run it every 15 minutes, but that's my choice and it works for me.
