Hello, I have three OSSEC servers running on three seperate machines (one for each individual network). I was wondering how I can point those servers to my Splunk server. The Splunk app appers to have the functionality to select by "Server Name". This would then give me the ability to manage all of the servers from within the Splunk app. Has anyone done this? Side question - Is it possible to run three seperate policy profiles on one OSSEC server? I'm using 3 - Amazon Micro Servers, and then the Splunk server is installed on a Amazon Small Server (ubuntu). It would be nice to consolidate those three micro servers into one Small or Medium server, but I need the ability to report and tune for each network. They have different security requirements, etc. Thanks, Patrick
