A little background because I am an ossec noob, I'm trying to set up some ossec servers and agents at my job. I have a main linux ossec server in my main work network with local boxes (linux and windows) as clients and that's working fine.
I have some servers set up in the cloud where a couple of linux web servers are agents to a server. Due to network security restrictions, I can't just have the cloud servers go directly to my main ossec server. Here's what I've tried so far: I have a second linux server in my network that is running as a ossec server only for the servers I have up in the cloud. I only have the syslog forwarding set up to my main ossec server, but is it possible for the cloud ossec server to have the agent running at the same time?
