Just to echo Michael's comment -- OSSEC Agents send encrypted information to the OSSEC Manager and only the OSSEC Manager knows how to decrypt it. Without the OSSEC Manager in the picture, Splunk would not know how to decrypt it.

On Wednesday, February 5, 2014 10:10:31 AM UTC-8, Michael Starks wrote:
>
> On 2014-02-05 4:02, Tino Abbraccio wrote:
> > Due to Splunk deprecating their file integrity monitoring
> > functionality of their agents and server, I am looking for a cheap
> > solution to send FIM data to Splunk to report on. Therefore I am
> > wondering if there is any way I can send data from a Windows OSSEC
> > agent directly into Splunk. I was told that I need an OSSEC Linux/Unix
> > server to forward Syslog data to Splunk, but setting up another server
> > is not possible for us. We have to work with the servers we have, and
> > currently Splunk is running on Windows, so having both on the same
> > server is not possible, unless there is an OSSEC server for Windows I
> > don't know about. (?)
>
> You must have an OSSEC manager to receive alerts and this must be a
> 'nix-based system. It can be a virtual machine. I would encourage you to
> consider the value FIM has for you vs. the probable low cost of running
> an OSSEC manager in a virtual machine.
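
The manager-side forwarding discussed in this thread, as an added example that is not part of the original messages: a `syslog_output` block for the `ossec.conf` on the 'nix OSSEC manager, which decrypts agent traffic and relays the resulting alerts to Splunk as syslog. The address, port and alert level below are assumed placeholder values, and the Splunk host is assumed to have a matching UDP data input configured.

```xml
<!-- Added example: goes in /var/ossec/etc/ossec.conf on the OSSEC manager
     (not on the Windows agent, which cannot talk to Splunk directly). -->
<ossec_config>
  <syslog_output>
    <!-- Placeholder address of the Windows host running Splunk -->
    <server>192.0.2.10</server>
    <!-- Placeholder port; must match the UDP input defined in Splunk -->
    <port>514</port>
    <!-- Key/value alert format intended for Splunk; other formats are
         default, cef and json -->
    <format>splunk</format>
    <!-- Forward only alerts from the syscheck (file integrity) rule group,
         since FIM data is what the original poster wants to report on -->
    <group>syscheck</group>
    <!-- Assumed minimum alert level to forward; tune to your rule set -->
    <level>5</level>
  </syslog_output>
</ossec_config>

<!-- After editing, enable the syslog client daemon and restart the manager:
       /var/ossec/bin/ossec-control enable client-syslog
       /var/ossec/bin/ossec-control restart
     The forwarded alerts leave the manager as plain syslog, so keep this
     traffic on a trusted network segment or restrict it with firewall rules. -->
```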
