I realize this list is not OSSIM specific, but it seems there are a few users here. This has been brought up conceptually in the past, but I don't see any definitive examples of someone implementing this model.
We have a current OSSEC deployment that is reporting to a single manager instance. We are evaluating adding OSSIM to our environment. OSSIM installs its own OSSEC manager on the OSSIM server. I would like to leverage our existing deployment and maintain a separate manager instance. Is anyone currently running a similar deployment? Could you speak to how you designed the integration?

Ideas that come to my mind include syslog forwarding of alerts to a listener on the OSSIM server, or deploying an OSSEC agent paired to the OSSIM manager instance on the current OSSEC manager set to monitor the alerts.log file.

Any ideas appreciated.

Blake
