Sorry, I think I misunderstood the initial question and ended up going off on a tangent :)
I don't think it's a one-or-the-other choice and as you were referring to, it's probably best to use both OSSEC and Cloudwatch together if the need is there. But as far as active response, FIM, and probably several other features, I don't see those features with Cloudwatch. From the way I understand it, it seems OSSEC has more granular features whereas Cloudwatch may provide more high-level monitoring and statistics. On Thu, Sep 27, 2012 at 12:59 PM, dan (ddp) <ddp...@gmail.com> wrote: > On Thu, Sep 27, 2012 at 3:55 PM, T STONE <tstone...@yahoo.com> wrote: > > Yes, true. While I have Ossec monitoring systems in a non-AWS > environment > > and alerting properly, there is some idea that AWS can also provide that > > functionality. From what I have seen, the move would be to use them > > together. > > > > I was hoping there was someone here that has some personal experience > with > > it and might offer some insight. > > > > It'd be great if you explained what part of cloudwatch you think is > comparable to OSSEC. I haven't seen anything that provides any of the > OSSEC functionality so far... > > > ________________________________ > > From: dan (ddp) <ddp...@gmail.com> > > To: ossec-list@googlegroups.com > > Sent: Thursday, September 27, 2012 12:50 PM > > Subject: Re: [ossec-list] OSSEC vs AWS Cloudwatch..or Cloudwatch with > OSSEC? > > > > On Thu, Sep 27, 2012 at 3:44 PM, tstoneami <tstone...@yahoo.com> wrote: > >> HI Folks; > >> > >> My company is close to deploying a web site on AWS, and has Cloudwatch > >> enabled. From everything I have seen so far, CW does some basic system > >> monitoring out of the box, and you can write custom scripts to do more - > >> although I haven't located the docs for that yet... > >> > >> My question: Can anyone recommend a course of action? I have seen AWS > >> recommend OSSEC for intrusion detection as a best practice, but not for > >> log > >> analysis. Is there any knowledge out there on this? Has anyone used > OSSEC > >> in combination with Cloudwatch? > >> > >> Thanks for any input, > >> > >> Troy > >> > > > > I must be missing something, because these features don't seem to be > > competing with OSSEC in any way: http://aws.amazon.com/cloudwatch/ > > > > >
