I've been tinkering with OSSec for about 6 months now. I'd like to set up a syslog server and have OSSec send its alerts to the syslog server. Then I would like to use an Open Source tool to do reporting off the syslog server. Two questions:
1. Since OSSec does some of its reporting off the log files, if I install OSSec on the syslog server will I get double entries? It just sounds like a loop.
2. My security budget got doubled this year. $0x2=$0. But we must be secure. If I can't do that, I can feel free to quit and we'll get someone who will. So... What Open Source products can I use for Debian Syslog reporting? I'd like something web based. At this point I'm just looking to see all of my log info in one place.

Thanks much,
Tom
