On Mon, Aug 24, 2015 at 11:32 AM, Edward Ned Harvey <[email protected]> wrote: > Would you normally run ossec on a single server, in addition to the other > stuff it runs? Or would you normally create a "master" ossec server, and > install an agent on the systems to be monitored? >
That depends on your desired coverage and capabilities. Forwarding the logs from multiple systems to a central syslog, and running ossec on that syslog system is possible, but running agents on your systems is probably the preferred method. Using agents gives you access to active response, and encrypts the logs over the wire by default. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
