Hi All
The free version supports only 500MB of indexing per day.

Best regards
Muralee

From: [email protected] [mailto:[email protected]] On Behalf Of Nelson, James
Sent: Monday, May 21, 2012 7:37 PM
To: [email protected]
Subject: RE: [ossec-list] OSSEC + Splunk

There is a nice Splunk app that uses the OSSEC alerts.log for analysis. I would start there.

James

________________________________
From: [email protected] [mailto:[email protected]] On Behalf Of Mike Wisniewski
Sent: Monday, May 21, 2012 11:11 AM
To: [email protected]
Subject: [ossec-list] OSSEC + Splunk

Hi!

I've been using OSSEC for a while now and it works well. I'm also interested in integrating it with Splunk (free version) to do additional analysis and queries on the logs. I have a rather small environment and collect syslog data from a couple of other Linux (Ubuntu) servers. Right now, I ship that data into OSSEC and will generate alerts for it.

My question: do I have OSSEC collect the syslog data and forward that to Splunk, or do I have Splunk collect the syslog data and make OSSEC read it?

Thanks!
