It's open source if you consume less that 500Mb of logs per day, and I beleive per instance.
Hence if you deploy directly onto your ossec server, it will not require a licence (as long as you don't breach the log limit). On Feb 28, 3:53 pm, James M Pulver <[email protected]> wrote: > The problem with Splunk to me is it isn't open source, and hence is or can be > expensive. > > -- > James Pulver > LEPP Computer Group > Cornell University > > > > > > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of PS > Sent: Tuesday, February 28, 2012 10:43 AM > To: [email protected] > Subject: Re: [ossec-list] Did the WUI ever get fixed? > > I'm using Splunk because I already had it installed when installed ossec. The > ossec app for splunk is nice. I recommend it. > > Victor Pineiro > > On Feb 28, 2012, at 4:05 AM, PJG <[email protected]> wrote: > > > All, > > > I saw a post back to last year about the WUI not displaying logs > > correctly. Did anyone get this fixed? (I was going reply to that post > > but couldn't, so have opened this new one). > > > Reason being, is that despite it's limitations, it's still a very > > quick and easy first place to look for logs. > > > I've built it into my Incident response procedures, and would really > > like it to work. > > > Now I know I can deploy Splunk to do a similar things, but the OSSEC > > wui is a very simple tool, to view very powerful logs. > > > If I had the skills I would look into fixing it, but unfortunately I > > don't. > > > Has anyone else been able to wave their magic wand? > > > Cheers... > > > Pip
