Goodness, I'm nowhere near clued up enough to suggest how to improve things just yet. I haven't read enough of it!
But note that neither yours nor Jan's posts actually answer my question (although I completely appreciate your good intentions). When I look at the basic information, here: http://ossec-docs.readthedocs.org/en/latest/manual/ossec-architecture.html I learn about the manager and agents, and the concept of agentless. The description of the agent says "The agent is a small program, or collection of programs, installed on the systems to be monitored." OK, well the system to be monitored in my case is the one with the manager on it, so I'm expecting to see both the manager and agent processes on my box. Is that incorrect? Following Jan's prompt I've made a "local" installation.I wouldn't yet know how to recognise an agent process on it, but at first glance there doesn't seem to be one. That seems to imply I've got an agentless install on my server. Is that incorrect? I think at this stage, as a newbie, I'd appreciate a brief description of the concept of "local installation" on that architecture page. Hard to be sure at the moment though. :) On Monday, 13 October 2014 15:34:03 UTC+1, dan (ddpbsd) wrote: > > On Mon, Oct 13, 2014 at 9:06 AM, <de...@scratters.com <javascript:>> > wrote: > > I'm exploring the use of OSSEC and I've got a question the docs I've > read > > aren't yet answering. I think it's going to be quicker to just ask... > > > > I have a single Linux box which runs in the DMZ. It has a few services, > with > > Apache and Squid being the main ones. I want to put OSSEC on it > primarily in > > a log monitoring role. The thing that just won't click from reading the > docs > > and presentations so far is whether a single machine scenario uses an > agent > > or not. > > > > There appear to be these possibilities: > > > > * the manager and agent run together and the agent talks to its local > > manager using "localhost" based communications; > > * the manager sort of runs the agent's processes itself, and hence there > is > > no communications between the two pieces; > > * something else. :) > > > > I know the answer is in there somewhere, but I've been wading though > docs > > for 3 hours now and I've probably missed it. Can someone point me at the > > answer? > > > > I think you're looking for a local installation. I have server/agent > installations on a local machine, but that's mostly for testing > purposes. > If you could point out where in the documentation I could explain this > better, I'll submit an improved version by tonight. > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to ossec-list+...@googlegroups.com <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
