At the moment I use syslog-ng to collect logs from whole servers and analyze them on ossec-server with decoders and rules.
How can I configure ossec-server to avoid log collecting with syslog-ng? I.e. I have two servers (ossec-agents) with nginx. I need to analyze nginx logs. Should I configure decoder and rule on each ossec-agents or I can create one decoder and one rule on ossec-server and it will be automatically pushed to ossec-agents?
