To me, it seems like Cloudwatch is more in the category as tools like Nagios and Orion.
On Thu, Sep 27, 2012 at 2:10 PM, Michael Starks < ossec-l...@michaelstarks.com> wrote: > On 27.09.2012 14:44, tstoneami wrote: > >> HI Folks; >> >> My company is close to deploying a web site on AWS, and has Cloudwatch >> enabled. From everything I have seen so far, CW does some basic system >> monitoring out of the box, and you can write custom scripts to do more >> - although I haven't located the docs for that yet... >> >> My question: Can anyone recommend a course of action? I have seen AWS >> recommend OSSEC for intrusion detection as a best practice, but not >> for log analysis. Is there any knowledge out there on this? Has anyone >> used OSSEC in combination with Cloudwatch? >> > > Just took a look. It doesn't even look remotely close to what OSSEC does. > CloudWatch seems to be centered around availability and performance > monitoring. There's no mention of intrusion detection that I can find. > That's what OSSEC does, with the occasional availability alerts since > availability is a security problem. >
