Does anyone run multiple OSSEC servers and the Splunk for OSSEC app? I'm confused as to where to add the OSSEC server IPs.
I direct the OSSEC servers to send their SYSLOG to the Collector, I add the IPs to the stanza in inputs.conf for the search head, but I don't see the Servers in the Splunk for OSSEC app. Do I need to add the OSSEC servers somewhere else for the Spunk app to know there's more than one? -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
