We are looking at implementing a similar setup but with fewer servers. Can you share any information about how you did it? Any tips? Thanks!

On Monday, September 16, 2013 4:43:42 PM UTC-4, Janelle wrote:
>
> I have 3000+ servers feeding syslog into a single OSSEC server and OSSEC
> parses the data just fine. It is also very easy to use something like
> filtering within syslog (in this case syslog-ng) to write filters and
> process the hosts, groups of hosts, etc, to drop the alerts in different
> locations as needed. OSSEC still processes everything seeing all 3000 hosts
> uniquely, and alerting is done via AV OSSIM.
>
> Works beautifully.
> ~J
