On 2014-02-05 4:02, Tino Abbraccio wrote:
Due to Splunk deprecating their file integrity monitoring
functionality of their agents and server, I am looking for a cheap
solution to send FIM data to Splunk to report on. Therefore I am
wondering if there is any way I can send data from a Windows OSSEC
agent directly into Splunk. I was told that I need an OSSEC Linux/Unix
server to forward Syslog data to Splunk, but setting up another server
is not possible for us. We have to work with the servers we have, and
currently Splunk is running on Windows, so having both on the same
server is not possible, unless there is an OSSEC server for Windows I
don't know about. (?)

You must have an OSSEC manager to receive alerts and this must be a 'nix-based system. It can be a virtual machine. I would encourage you to consider the value FIM has for you vs. the probable low cost of running an OSSEC manager in a virtual machine.
