Hi Folks,

My company is close to deploying a web site on AWS, and has CloudWatch enabled. From everything I have seen so far, CW does some basic system monitoring out of the box, and you can write custom scripts to do more, although I haven't located the docs for that yet...
My question: Can anyone recommend a course of action? I have seen AWS recommend OSSEC for intrusion detection as a best practice, but not for log analysis. Is there any knowledge out there on this? Has anyone used OSSEC in combination with CloudWatch?

Thanks for any input,
Troy