On Jan 11, 2011, at 1:21 PM, Netsyphon wrote:
> Splunk is nice but I had troubles getting it to work with the ossec plugin,
> may try again. It's also somewhat cost prohibitive since it's doing only a
> small portion of what it's needed for compared to ossec. I agree on the
> snare comparison, it's not practical for the security minded.

Unless you have a huge number of OSSEC clients, I think the free version of splunk handles everything just fine. You lose some features such as automated reporting and the ability to create users, but it works really well.

---------------------------
Jason 'XenoPhage' Frisvold
xenoph...@godshell.com
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law