Greetings folks; I appreciate any input (even die newbie die stuff) on my post. I am new to monitoring and want to see if OSSEC will work for me if I prototype for the following need:
VM#1
Windows Server 2008 R2
OSSEC Agent
Software which continually updates log files I want to monitor

VM#2
Linux
OSSEC Server

The VMs in this scenario will be on the same host computer - not a network - and from what I understand I can communicate between the two for this need. I want to monitor specific discrete log files on the Windows system and alert from them based on content which shows (error codes). Am I on the right track?

I am essentially new to Linux, but have it installed and am quite comfortable with DOS commands and batch files, which seem to be the analogue on Linux. If anyone has a better idea or recommendation for the monitoring of the log files (even a low footprint one directly on the Windows box), I would greatly appreciate it.

Regards, and thanks!
Troy
