On Nov 21, 2012, at 1:50 PM, dan (ddp) wrote:

> On Wed, Nov 21, 2012 at 2:44 PM, Scott <[email protected]> wrote:
>> Hello,
>>
>> I would like to have my logs from a distant subnet forwarded to a central
>> ossec server. Some of these logs are UDP 514 syslog format from
>> "appliances".
>>
>> So, I was thinking that I change my current ossec server that is on that
>> subnet (which now collects all logs) into a hybrid server and have it
>> forward logs to my new central ossec server.
>>
>> Does that sound reasonable?
>>
>
> The hybrid mode will send OSSEC alerts to a central OSSEC server, not all
> logs.

Hmm. Okay, please have patience with me, so if I then forget about hybrid mode, then how do I forward logs safely and securely over the internet to my central ossec server?

I kinda imagined that was the purpose of the hybrid mode -- remoted + agentd.

Thanks,
Scott
