I had both on same server. Otherwise, you can forward your ossec syslog to another server. Look at this: http://www.ossec.net/main/splunk-ossec-integration
On Monday, April 9, 2012 6:45:09 PM UTC-4, Zate wrote: > > Anyone who is using Splunk, how are you getting the info to the Splunk > server? Is the splunk server on the same server as your OSSEC server? I > see options for managing agents and that is a little confusing. > > Zate > > > On Mon, Apr 9, 2012 at 4:27 PM, Qasim Ijaz <[email protected]> wrote: > >> I'll try those. Thanks Dan. >> >> >> On Monday, April 9, 2012 4:02:14 PM UTC-5, dan (ddpbsd) wrote: >>> >>> They aren't OSSEC specific, and can't do a bunch of OSSEC specific >>> things, but I like Graylog2 and logstash. >>> >>> On Mon, Apr 9, 2012 at 4:26 PM, Qasim Ijaz <[email protected]> wrote: >>> > I have used OSSEC WUI and SPLUNK. I love detail in OSSEC WUI but i'd >>> like >>> > graphs. Splunk is expensive. Any alternatives guys? >>> >> >
