OSSEC agents do very little. They basically forward logs to the manager, and the manager does all of the work.
On Tue, Sep 6, 2011 at 8:28 PM, Michael Mather <michael.mat...@teksavvy.com> wrote: > Dan, you are correct. They got it in 4.2. I had been looking at a > negative comment that applied to 4.1 (under Configuration Monitoring). > > Thanks for solving my problem. > > The suggestions of using OSSEC to forward stuff doesn't work in my > case, because I am not allowed to use a Linux box. > > Nevertheless, I had thought that Prelude, for example, could receive > stuff directly from the OSSEC agent. It would be neat if the > interfaces for agents were published so that monitoring software could > use a variety of agents from different projects. Even better if the > interfaces were standardized, so that this would be easy. >
