On Wed, Apr 25, 2012 at 10:48 AM, Tom Piersa <[email protected]> wrote:

> I've been tinkering with OSSec for about 6 months now. I'd like to set up a
> syslog server and have OSSec send its alerts to the syslog server. Then I
> would like to use an Open Source tool to do reporting off the syslog server.
> Two questions:
>
> 1. Since OSSec does some of its reporting off the log files, if I
> install OSSec on the syslog server will I get double entries? It just sounds
> like a loop.
>

It can happen. I usually configure rsyslog or syslog-ng to put the forwarded OSSEC alerts in a file that isn't being monitored by OSSEC.

> 2. My security budget got doubled this year. $0x2=$0. But we must be
> secure. If I can't do that, I can feel free to quit and we'll get someone
> who will. So ... What Open Source products can I use for Debian Syslog
> reporting? I'd like something web based. At this point I'm just looking to
> see all of my log info in one place.
>

In no particular order:

logstash
graylog2
elsa
octopussy (seriously)

Limited "free" versions:

splunk (free version)

> Thanks much,
>
> Tom
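As an added illustration of the rsyslog side of that answer (this is not config from the thread or from the OSSEC project), the fragment below is what a drop-in file such as /etc/rsyslog.d/10-ossec.conf would look like on a Debian syslog server. It assumes the OSSEC manager forwards alerts over UDP/514 from the address 192.0.2.10 (a constructed documentation address) and that OSSEC on the syslog host monitors /var/log/syslog and /var/log/auth.log, as the Debian defaults would suggest. The loop is broken by two things: the forwarded alerts are written to a file of their own, and the trailing discard rule stops them from also reaching the catch-all /var/log/syslog rule that OSSEC reads.

```conf
# Added example (not part of the original mailing-list message).
# Drop-in for /etc/rsyslog.d/ on the syslog server. Debian's rsyslog.conf
# includes /etc/rsyslog.d/*.conf before its own default rules, so the
# discard below runs before "*.*;auth,authpriv.none -/var/log/syslog".

# Listen for forwarded alerts on UDP/514 (legacy directive syntax, as
# shipped with the rsyslog versions in Debian at the time of the thread).
$ModLoad imudp
$UDPServerRun 514

# Assumption: the OSSEC manager that forwards alerts is 192.0.2.10
# (constructed address). Match on source address rather than on the
# message text, so a malformed or oddly formatted alert cannot escape
# the rule.
if $fromhost-ip == '192.0.2.10' then /var/log/ossec-forwarded.log

# Discard the message after it has been written above, so it never
# reaches /var/log/syslog, which the local OSSEC agent is monitoring.
# On rsyslog 7 and later "& stop" is the preferred spelling of "& ~".
& ~
```

On the OSSEC manager the matching half is a `<syslog_output>` block in ossec.conf pointing `<server>` at the syslog host and `<port>` at 514, followed by enabling the forwarder with `/var/ossec/bin/ossec-control enable client-syslog` and a restart. The only remaining rule is the one the reply states: never add /var/log/ossec-forwarded.log as a `<localfile>` on the syslog server's OSSEC agent, or every forwarded alert becomes a new local log line and the loop is back. A quick check that the separation holds is to trigger one alert on the manager and confirm it appears once in /var/log/ossec-forwarded.log and not at all in /var/log/syslog.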
