> -----Original Message----- > From: [email protected] [mailto:[EMAIL PROTECTED] On > Behalf Of Haidut > Sent: Thursday, November 15, 2007 10:30 AM > To: [email protected] > Subject: [ossec-list] Re: ossec as syslog server > Importance: Low > > > I have another question on a similar topic. > I need to use OSSEC for securely aggregating/parsing/storing logs, but > i DONT need it to analyze logs and fire rules.
Have you considered you may be using the wrong tool for the job? Syslog (or syslog-NG, or possibly other derivatives) does what you describe. Why do you need Ossec? If at some point you want to have the logs analysed for unusual activity, you can have Ossec parse and report on the combined syslog, while keeping the original available.
