On 17.09.2013 08:04, Eric wrote:
Thank you very much for your information. The logs are showing as
coming from the correct source, but I didn't know if OSSEC was
treating them correctly. Below is the main example that I've come
across. This is also true for the Windows multiple failed logins. It's
correlating 2 different servers and 2 different user names together
and then in the final alert info, only shows the latest. Does this
look right to you?
By the way, if you don't need full SIEM capability and just need a
front-end to be able to parse through logs in an intelligent way, check
out ELSA. Syslog-ng is part of ELSA, so that would easily handle your
EPS requirements (10k+ EPS would not even be an issue). You can still
use OSSEC for alerting and even feed that back into ELSA if you want.
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
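The behaviour described in the message above (one "multiple failed logins" alert built from events on two servers for two different users, with only the last event shown in the alert header) is what a frequency/timeframe rule produces when it carries no <same_source_ip/> or <same_user/> constraint. The following is an added simulation, not OSSEC's own code and not from the poster: a small evaluator for OSSEC-style composite rules, run over a constructed set of logon-failure events. Rule IDs 1000/1001/1002 and the server names are invented for the example; the evaluator fires at exactly `frequency` matches, whereas OSSEC's own counter is offset from the literal setting, so only the grouping semantics are meant to carry over.

```python
"""Simulation of OSSEC-style frequency/timeframe correlation.

Added example (not OSSEC's own code). Shows how a composite rule that
fires after N matches of a base rule inside a time window groups events
when it has no <same_source_ip/> / <same_user/> constraint, and why the
resulting alert header carries only the last event that tripped it.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Tuple


@dataclass
class Event:
    ts: int          # epoch seconds
    location: str    # agent / server the log line came from
    srcip: str
    user: str
    sid: int         # id of the base rule that matched this line


@dataclass
class FrequencyRule:
    """Mimics <if_matched_sid>, <frequency>, <timeframe> plus the optional
    <same_source_ip/> and <same_user/> tags of an OSSEC composite rule."""
    sid: int
    if_matched_sid: int
    frequency: int
    timeframe: int
    same_source_ip: bool = False
    same_user: bool = False
    # One queue of recent matches per correlation bucket.
    _buckets: Dict[Tuple, Deque[Event]] = field(
        default_factory=dict, init=False, repr=False)

    def bucket_key(self, ev: Event) -> Tuple:
        """Events that share a key are counted together."""
        key = []
        if self.same_source_ip:
            key.append(("srcip", ev.srcip))
        if self.same_user:
            key.append(("user", ev.user))
        return tuple(key)  # empty tuple: every match lands in one bucket

    def feed(self, ev: Event) -> Optional[dict]:
        """Feed one event; return an alert dict when the rule fires."""
        if ev.sid != self.if_matched_sid:
            return None
        q = self._buckets.setdefault(self.bucket_key(ev), deque())
        q.append(ev)
        # Drop matches that fell out of the time window.
        while q and ev.ts - q[0].ts > self.timeframe:
            q.popleft()
        if len(q) >= self.frequency:
            matched = list(q)
            q.clear()  # counter resets once the rule has fired
            return {
                "rule": self.sid,
                "alert_event": matched[-1],  # the header shows only this one
                "matched": matched,          # the full set that tripped it
            }
        return None


def constructed_events() -> List[Event]:
    """Constructed sample: two servers, two users, one source IP each, all
    matching base rule 1000 (a stand-in for a logon-failure rule)."""
    return [
        Event(0, "srv-a", "10.0.0.5", "alice", 1000),
        Event(5, "srv-b", "10.0.0.9", "bob", 1000),
        Event(10, "srv-a", "10.0.0.5", "alice", 1000),
        Event(15, "srv-b", "10.0.0.9", "bob", 1000),
    ]


def run(rule: FrequencyRule) -> List[dict]:
    return [a for a in map(rule.feed, constructed_events()) if a]


def summarize(rule: FrequencyRule) -> dict:
    """What the alert header shows versus what actually matched."""
    alerts = run(rule)
    return {
        "alerts": len(alerts),
        "last_users": [a["alert_event"].user for a in alerts],
        "last_locations": [a["alert_event"].location for a in alerts],
        "all_users": sorted({e.user for a in alerts for e in a["matched"]}),
        "all_locations": sorted({e.location for a in alerts for e in a["matched"]}),
    }


if __name__ == "__main__":
    # Unconstrained rule: both servers and both users count together,
    # and the alert is labelled with the last event (bob on srv-b).
    print(summarize(FrequencyRule(1001, 1000, 4, 120)))
    # Constrained rule: each (srcip, user) pair is counted on its own.
    print(summarize(FrequencyRule(1002, 1000, 2, 120,
                                  same_source_ip=True, same_user=True)))
```

With the unconstrained rule the four events from two hosts and two users trip one alert whose header names only bob on srv-b, which matches the grouping the message describes; adding <same_source_ip/> and <same_user/> (or lowering the threshold per bucket) is how you get one alert per offending user/source instead.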