I'm exploring the use of OSSEC and I've got a question the docs I've read aren't yet answering. I think it's going to be quicker to just ask...
I have a single Linux box which runs in the DMZ. It has a few services, with Apache and Squid being the main ones. I want to put OSSEC on it primarily in a log monitoring role. The thing that just won't click from reading the docs and presentations so far is whether a single machine scenario uses an agent or not. There appear to be these possibilities: * the manager and agent run together and the agent talks to its local manager using "localhost" based communications; * the manager sort of runs the agent's processes itself, and hence there is no communications between the two pieces; * something else. :) I know the answer is in there somewhere, but I've been wading though docs for 3 hours now and I've probably missed it. Can someone point me at the answer? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
