On Mon, Jun 24, 2013 at 12:15 PM, Blake Johnson <[email protected]> wrote:
> We're evaluating OSSEC for use in our environment and are currently in proof
> of concept testing. We'll have two general types of agents with different
> compliance requirements that I'm considering separating with profiles.
>
> For Profile 1 I'd like to forward OSSEC alerts and full raw logs to Splunk
> via syslog. For Profile 2 I'd like to forward just alerts.
>

Agents do not create alerts.

> We have alerts forwarding to Splunk successfully in our lab. Has anyone had
> success using an agent property, profile or otherwise, to set log
> destination? Any other ideas to accomplish this goal (multi-manager setup
> comes to mind)?
>

The OSSEC server does not have the capability of forwarding the logs it receives.

> Any feedback is greatly appreciated, I'm still quite new to the project
>
> Blake Johnson
> IT Security Analyst
> Alliant Energy
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
