On Mon, Oct 13, 2014 at 9:06 AM, <[email protected]> wrote: > I'm exploring the use of OSSEC and I've got a question the docs I've read > aren't yet answering. I think it's going to be quicker to just ask... > > I have a single Linux box which runs in the DMZ. It has a few services, with > Apache and Squid being the main ones. I want to put OSSEC on it primarily in > a log monitoring role. The thing that just won't click from reading the docs > and presentations so far is whether a single machine scenario uses an agent > or not. > > There appear to be these possibilities: > > * the manager and agent run together and the agent talks to its local > manager using "localhost" based communications; > * the manager sort of runs the agent's processes itself, and hence there is > no communications between the two pieces; > * something else. :) > > I know the answer is in there somewhere, but I've been wading though docs > for 3 hours now and I've probably missed it. Can someone point me at the > answer? >
I think you're looking for a local installation. I have server/agent installations on a local machine, but that's mostly for testing purposes. If you could point out where in the documentation I could explain this better, I'll submit an improved version by tonight. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
