1

I don't know why this isn't more plainly obvious on the website: http://www.ossec.net/

But I can't tell if I need to install a 'server' portion on Linux and then an 'agent' on Windows and then monitor through Linux, or if I can use Windows for the entire setup.

Any ideas how this should work for monitoring Windows servers?

MetaGuru

2 Answers

2

Do I need at least 1 Linux server to use OSSEC to monitor my Windows servers?

Yes, you need a *nix server to install OSSEC Manager or try to compile it with Cygwin.

quanta
  • So to be clear I would then be logging into the *nix server to view the logs, though I would just install the agent on whatever server (nix or windows) that I want to monitor? – MetaGuru Aug 10 '11 at 18:43
  • If you mean the logs that do trigger alerts, then, the answer is exactly. They are stored in `/var/ossec/logs/alerts`. You also can [integrate OSSEC with Splunk](http://www.ossec.net/main/splunk-ossec-integration) for quick search. Read more: http://www.ossec.net/doc/faq/ossec.html – quanta Aug 11 '11 at 02:26
-1

You need a server that can be either Windows or Linux.

It's explained here,

http://www.ossec.net/doc/

http://www.ossec.net/main/wp-content/uploads/2009/02/ossec-arch.jpg

http://www.ossec.net/ossec-docs/auscert-2007-dcid.pdf

Datapimp23
  • 1
    Please edit your "answer" to include a real answer, not just a pointer to a PDF. – EEAA Aug 09 '11 at 19:56
  • Ok so it says there is a local install and a server/agent install, but I still can't tell if it can reside entirely on Windows or not. – MetaGuru Aug 09 '11 at 19:56