We're evaluating OSSEC for use in our environment and are currently in proof of concept testing. We'll have two general types of agents with different compliance requirements that I'm considering separating with profiles.
For Profile 1 I'd like to forward OSSEC alerts and full raw logs to Splunk via syslog. For Profile 2 I'd like to forward just alerts. We have alerts forwarding to Splunk successfully in our lab. Has anyone had success using an agent property, profile or otherwise, to set log destination? Any other ideas to accomplish this goal (multi-manager setup comes to mind)? Any feedback is greatly appreciated, I'm still quite new to the project.

Blake Johnson
IT Security Analyst
Alliant Energy
