On Wed, Mar 20, 2013 at 4:19 PM, René Kåbis <[email protected]> wrote:
> Thank you. I was just thinking of a VM, but this is a dual-core with
> (currently) limited resources (~4Gb RAM). Theoretically, I could upgrade it
> to a pair of quad (or maybe even hex-cores) and 48Gb of memory, but this is
> currently *wayyyyy* out of my budget. I can barely justify keeping this unit
> in the colo at the current time (it’s not like it’s bringing in a profit or
> anything, it’s purely for personal projects).
>
> So, assume for a moment I am running something simple, like VirtualBox. Do I
> have to keep the VM up and running at all times, or can I put in a
> thoroughly minimalistic copy of Linux and run the VM purely for creating the
> Authentication Key and then shut it down? Keep in mind, my resources are at
> an absolute minimum. I have only two cores in the machine (a single Opteron
> 2216) and 4GB of ECC REG DDR2. If this VM has to be up and running all the
> time, it’ll bring my server to its knees (memory utilization is typically
> ~3GB, but has spiked up to ~4.5/5GB at times).
>

Agents do no analysis on their own. They pass log messages/file information to the server, and the server does the analysis.

>
> On Wednesday, March 20, 2013 12:29:34 PM UTC-7, Dustin Lenz wrote:
>>
>> You could run OSSEC in a VM on the same server.
>>
>> On Mar 20, 2013, at 12:19 PM, "René Kåbis" <[email protected]> wrote:
>>
>> Actually, I have a very distinct need for an OSSEC server on Windows. I
>> run my own Iron, but all I have right now is a single Windows 2008 R2 server
>> in a colo facility. I do NOT have the cash to put a second machine in that
>> facility. Now, how the bloody hell am I supposed to run OSSEC on my Win2K3R2
>> machine without an OSSEC server??? How do I obtain an "authentication key"
>> without ever adding a second machine to that colo facility???
>>
>> I don't care about keeping both versions in sync. Some places are a
>> windows-only shop, or have needs like mine (no ability to add a Linux server
>> of any kind). Windows is that other major market share out there, and you
>> cannot ASSume that everyone will have the wherewithal to add a Linux server
>> just to run a client app on a single Windows server.
>>
>> I would like to secure my server. I just cannot afford a second server
>> just to do the authentication key part of it.
>>
>> Oh, well. The hope of having an effective and useful intrusion detection
>> system for my Windows server was fun while it lasted.
>>
>> On Friday, February 1, 2013 6:19:17 AM UTC-8, dan (ddpbsd) wrote:
>>>
>>> On Fri, Feb 1, 2013 at 9:12 AM, mike <[email protected]> wrote:
>>> > why do you say 'thankfully' no.
>>> >
>>>
>>> Because supporting that would be a hell I wouldn't wish upon my worst
>>> enemies. Because keeping the Windows version and the main version in
>>> sync would be a nightmare. Because Windows probably isn't the best
>>> platform for an OSSEC server.
>>>
>>> > On Friday, February 1, 2013 11:58:26 AM UTC, dan (ddpbsd) wrote:
>>> >>
>>> >>
>>> >> On Feb 1, 2013 6:58 AM, "mike" <[email protected]> wrote:
>>> >> >
>>> >> > Is there a Windows version of the OSSEC manager nowadays?
>>> >> >
>>> >> > --
>>> >>
>>> >> Thankfully no.
>>> >>
>>> >> >
>>> >> > ---
>>> >> > You received this message because you are subscribed to the Google
>>> >> > Groups "ossec-list" group.
>>> >> > To unsubscribe from this group and stop receiving emails from it,
>>> >> > send
>>> >> > an email to [email protected].
>>> >>
>>> >> > For more options, visit https://groups.google.com/groups/opt_out.
