On 27.09.2012 14:58, Jeremy Lee wrote:
Ultimately, I think it comes down to what the need is for each tool being considered, as Dan was alluding to. OSSEC is definitely more on the host-based IDS side (and does an awesome job at it) but if you want/need attention in the log analysis space, you may need to consider other tools (but I would say with the intention of using them alongside of OSSEC).
OK, now I am confused. :) I always thought log analysis was where OSSEC excelled.