Haha I shouldn't have said anything :P Sorry for the confusion. I think OSSEC is a must-have for most, if not all, organizations. And I do think it excels at log analysis. Anyway, I probably tripped myself up on my wording but it seems the only [currently] lacking thing is an advanced UI/front-end that can present everything in an organized and effective manner for high-level views and visualization for analysis/correlation (which is why I believe there has been a good amount of interest in Splunk as it can help here).

Of course, a UI/front-end where users can change configurations, modify rules/decoders, etc. in a more "on-the-fly" manner would also be a neat feature to integrate later down the road.

On Thu, Sep 27, 2012 at 1:41 PM, Michael Starks <[email protected]> wrote:
> On 27.09.2012 14:58, Jeremy Lee wrote:
>
>> Ultimately, I think it comes down to what the need is for each tool
>> being considered, as Dan was alluding to. OSSEC is definitely more on
>> the host-based IDS side (and does an awesome job at it) but if you
>> want/need attention in the log analysis space, you may need to
>> consider other tools (but I would say with the intention of using them
>> alongside of OSSEC)
>>
>
> OK, now I am confused. :) I always thought log analysis was where OSSEC
> excelled.
>
