So here is my plan for a global cloud arch (systems very volatile)
- Local install
- Alert via Syslog to central server on dedicated facility
- Local Syslog go to central server
- Central console (Graylog2?) parsing all syslog for custom correlation
Should scale to tens of thousands. We'll see.
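To make the "central console parsing all syslog for custom correlation" step concrete, here is an added example that is not from anyone in this thread. It parses the lines a central syslog server would receive from several per-DC OSSEC servers and flags a source IP that trips the same rule on agents behind more than one OSSEC server. The field layout ("Alert Level: N; Rule: ID - text; Location: (agent) ip->file; srcip: ...") is assumed from OSSEC's syslog_output and should be checked against your own server's output; the server names ossec-dc1..3, agent names and IPs are constructed sample data.

```python
"""Parse OSSEC syslog-forwarded alerts and correlate them across data centers."""
import re
from collections import defaultdict

# Constructed sample: five lines as a central syslog host might receive them from
# three per-DC OSSEC servers (ossec-dc1..3). Field layout assumed, not copied
# from a live server; the last line is an alert on the OSSEC server's own log.
SAMPLE_SYSLOG = """\
Mar 31 17:44:01 ossec-dc1 ossec: Alert Level: 5; Rule: 5716 - SSHD authentication failed.; Location: (web01) 10.1.0.11->/var/log/auth.log; srcip: 203.0.113.7; user: root; Mar 31 17:44:00 web01 sshd[1234]: Failed password for root from 203.0.113.7 port 41122 ssh2
Mar 31 17:44:05 ossec-dc2 ossec: Alert Level: 5; Rule: 5716 - SSHD authentication failed.; Location: (db04) 10.2.0.44->/var/log/auth.log; srcip: 203.0.113.7; user: root; Mar 31 17:44:04 db04 sshd[991]: Failed password for root from 203.0.113.7 port 41130 ssh2
Mar 31 17:45:10 ossec-dc1 ossec: Alert Level: 3; Rule: 5715 - SSHD authentication success.; Location: (web02) 10.1.0.12->/var/log/auth.log; srcip: 198.51.100.20; user: deploy; Mar 31 17:45:09 web02 sshd[2001]: Accepted publickey for deploy from 198.51.100.20 port 5022 ssh2
Mar 31 17:46:00 ossec-dc3 ossec: Alert Level: 5; Rule: 5716 - SSHD authentication failed.; Location: (app09) 10.3.0.9->/var/log/auth.log; srcip: 203.0.113.7; user: admin; Mar 31 17:45:59 app09 sshd[77]: Failed password for admin from 203.0.113.7 port 41140 ssh2
Mar 31 17:47:30 ossec-dc2 ossec: Alert Level: 7; Rule: 2502 - Repeated failed logins on the OSSEC server itself; Location: /var/log/auth.log; Mar 31 17:47:29 ossec-dc2 sshd[40]: PAM 3 more authentication failures
"""

# One regex for the assumed syslog_output layout. The "(agent) ip->" part of
# Location is optional so alerts raised on the server's own logs still parse.
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<server>\S+) ossec: "
    r"Alert Level: (?P<level>\d+); "
    r"Rule: (?P<rule>\d+) - (?P<desc>.*?); "
    r"Location: (?:\((?P<agent>[^)]+)\) (?P<agent_ip>\S+)->)?(?P<logfile>\S+);"
    r"(?: srcip: (?P<srcip>\S+);)?"
    r"(?: user: (?P<user>\S+);)?"
)


def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not an OSSEC alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()          # absent optional fields come back as None
    fields["level"] = int(fields["level"])
    return fields


def parse_syslog(text):
    """Parse every line of a syslog capture, silently skipping non-OSSEC lines."""
    return [a for a in (parse_alert(line) for line in text.splitlines()) if a]


def correlate_cross_dc(alerts, min_servers=2):
    """Group alerts by (srcip, rule) and keep groups seen by >= min_servers
    distinct OSSEC servers, i.e. activity that no single DC would notice alone."""
    groups = defaultdict(lambda: {"servers": set(), "agents": set(), "desc": None})
    for a in alerts:
        if not a["srcip"]:              # no source address, nothing to pivot on
            continue
        g = groups[(a["srcip"], a["rule"])]
        g["servers"].add(a["server"])
        if a["agent"]:
            g["agents"].add(a["agent"])
        g["desc"] = a["desc"]
    return {
        key: {"servers": sorted(g["servers"]),
              "agents": sorted(g["agents"]),
              "desc": g["desc"]}
        for key, g in groups.items()
        if len(g["servers"]) >= min_servers
    }


if __name__ == "__main__":
    hits = correlate_cross_dc(parse_syslog(SAMPLE_SYSLOG))
    for (srcip, rule), g in hits.items():
        print(f"{srcip} rule {rule} ({g['desc']}) seen by {len(g['servers'])} "
              f"OSSEC servers {g['servers']} on agents {g['agents']}")
```

The same grouping is what you would express as a search or correlation rule in whichever console ends up in the middle (Graylog2, Splunk or anything else); keeping the per-DC OSSEC server name as a field is what makes the cross-DC pivot possible, so make sure the syslog relay does not overwrite the originating hostname.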
Very nice, that is about the size I am looking at.
Plan so far is a physical OSSEC in each data center taking in feeds from
about 2-4K hosts per DC. (5 DCs)
Each of the OSSEC servers would then send the results to Splunk via a local
splunk agent and then I'll use the splunk app for OSSEC or
Anyone running OSSEC on 1000+ hosts that wants to share some tips/
tricks on a good architecture for large installs? Hardware tips,
deployment tips, management tips?
Don't mind discussing off list if that makes it easier.
Thanks.
I would like to know as well.
Dan
On Mar 31, 2012, at 5:44 PM, Zate zat...@gmail.com wrote:
Anyone running OSSEC on 1000+ hosts that wants to share some tips/
tricks on a good architecture for large installs? Hardware tips,
deployment tips, management tips?
Don't mind discussing off list