I am a little confused about exactly what ossec is, and what I should expect from it.
I have two use cases:

(1) A standalone web server, running httpd, mysqld, and a few other services (sshd, etc). We could monitor logs via logwatch, but it alerts us to normal stuff like 404 responses served by httpd, and it's not straightforward how to configure it, and it runs via cron. We would like to have a live system monitoring logs on the fly, alerting us about actual things that need attention - server out of memory error, but not 404 error, etc.

(2) A bunch of servers that already have zabbix, serverdensity, or similar running, but alerts are mostly about system status, not log processing. We'd like to add log monitoring.
