Hi! I've been using OSSEC for a while now and it works well. I'm also interested in integrating it with Splunk (free version) to do additional analysis and queries on the logs.
I have a rather small environment and collect syslog data from a couple of other Linux (Ubuntu) servers. Right now, I ship that data into OSSEC, which generates alerts for it. My question: do I have OSSEC collect the syslog data and forward that to Splunk, or do I have Splunk collect the syslog data and make OSSEC read it? Thanks!
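The first of the two layouts the question describes, OSSEC keeping the syslog feed it already has and forwarding its alerts to Splunk over syslog, looks like this in ossec.conf. This is an added example, not part of the original post or of the OSSEC project's shipped config; the Splunk host address 192.0.2.10, UDP port 514 and the minimum alert level are assumptions to adjust for your environment.

```xml
<!-- Added example ossec.conf fragment (not from the original post).
     ossec-csyslogd reads this section and sends every alert at or above
     the given level to the listed server as a syslog message.
     192.0.2.10 and port 514 are assumed values for the Splunk host. -->
<ossec_config>
  <syslog_output>
    <!-- Assumed Splunk indexer address and the default syslog port -->
    <server>192.0.2.10</server>
    <port>514</port>
    <!-- "splunk" emits key=value fields that Splunk extracts automatically;
         "default", "cef" and "json" are the other supported formats -->
    <format>splunk</format>
    <!-- Only forward alerts of level 3 or higher (assumed threshold) -->
    <level>3</level>
  </syslog_output>
</ossec_config>
```

Client syslog forwarding is off by default, so after adding the section run `/var/ossec/bin/ossec-control enable client-syslog` and restart OSSEC; on the Splunk side a `[udp://514]` stanza in inputs.conf (with a `sourcetype` of your choice) receives the stream. Note that with this layout Splunk only sees OSSEC's alerts, not the raw syslog lines, and that plain UDP syslog is unauthenticated and unencrypted, so restrict the port to the OSSEC server with a host firewall.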