On Mon, Dec 3, 2012 at 9:37 PM, peng lin <[email protected]> wrote: > how to install with hybrid mode ? > is that use this ? to layer Deploy? > server > | > | > --- hybrid----------------hybrid-------- > | | | | > agent agent agent agent... > if this , > 1 how to config hybrid 's ossec.conf and agent's ? > 2 who Collect agent's alerts? hybrid or server ? > 3 if hybrid collect agent's alerts , how to send them to server , can hybrid > auto Forwarding the messages? > 4 have some docs to introduce it ? > >
You can select hybrid during the installation instead of local, agent, or server. The install script takes care of most of the basic configuration. In hybrid mode the agents send their log messages (agents NEVER deal with alerts) to the hybrid-server. The hybrid-server analyzes the messages, and forwards alerts to another server. The hybrid-server does not forward log messages, only alerts.
