Hello Derek, just install ossec in "local" mode, this should be best for you.
Brgds Jan On Mon, Oct 13, 2014 at 3:06 PM, <de...@scratters.com> wrote: > I'm exploring the use of OSSEC and I've got a question the docs I've read > aren't yet answering. I think it's going to be quicker to just ask... > > I have a single Linux box which runs in the DMZ. It has a few services, > with Apache and Squid being the main ones. I want to put OSSEC on it > primarily in a log monitoring role. The thing that just won't click from > reading the docs and presentations so far is whether a single machine > scenario uses an agent or not. > > There appear to be these possibilities: > > * the manager and agent run together and the agent talks to its local > manager using "localhost" based communications; > * the manager sort of runs the agent's processes itself, and hence there > is no communications between the two pieces; > * something else. :) > > I know the answer is in there somewhere, but I've been wading though docs > for 3 hours now and I've probably missed it. Can someone point me at the > answer? > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.