Hi guys, I think OSSEC is an awesome product and it works very well. I was wondering if you are thinking of implementing the possibility of splitting alerts based on source IP or subnet. The reason I ask is that, in an integration with Splunk, it would be nice to be able to send logs to different indexes at forwarding time rather than at indexing time, since indexing time is much more demanding in terms of computational power. Additionally, if you consider such a scenario in a multi-tenant environment, it makes life a lot easier to have the logs split directly on the OSSEC server and to monitor the different log files with a Splunk universal forwarder.
Is that a feature you might consider implementing? Thank you, E.B.
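OSSEC has no built-in per-subnet alert output, but the split the post asks for can be done with a small sidecar on the OSSEC server, and that is what the added example below shows. It is not OSSEC code and not the poster's code. It assumes the classic alerts.log layout (each alert begins with a "** Alert" line and carries an optional "Src IP: <address>" line), a hypothetical subnet-to-tenant table, and an output directory of your choosing; the sample alerts are constructed, not captured from a real system. Alerts that have no Src IP line (rootcheck and syscheck events, for example) or an unparsable one are routed to a catch-all file rather than dropped, which is the case any subnet-based split has to handle.

```python
"""Split OSSEC alerts.log into per-tenant files keyed on each alert's Src IP.

Added example, not part of OSSEC. Assumes the classic alerts.log layout:
every alert starts with a line beginning "** Alert" and may carry a
"Src IP: <address>" line. The tenant table and output directory below
are illustrative assumptions.
"""
import ipaddress
import os
import re
from collections import defaultdict

# Hypothetical routing table. First match wins, so list more specific
# prefixes before broader ones if they overlap.
TENANT_SUBNETS = [
    (ipaddress.ip_network("10.10.0.0/16"), "tenant_a"),
    (ipaddress.ip_network("192.168.1.0/24"), "tenant_b"),
]
# Alerts without a usable Src IP land here instead of being lost.
DEFAULT_TENANT = "unrouted"

SRC_IP_RE = re.compile(r"^Src IP: (\S+)$", re.MULTILINE)


def iter_alerts(text):
    """Yield each alert block from alerts.log text, one block per '** Alert' header."""
    block = []
    for line in text.splitlines():
        if line.startswith("** Alert") and block:
            chunk = "\n".join(block).strip("\n")
            if chunk:
                yield chunk
            block = []
        block.append(line)
    chunk = "\n".join(block).strip("\n")
    if chunk:
        yield chunk


def tenant_for(alert, subnets=TENANT_SUBNETS, default=DEFAULT_TENANT):
    """Return the tenant whose subnet contains the alert's Src IP, else `default`.

    Note that the agent IP on the second line of an alert is deliberately
    ignored: only the 'Src IP:' field (the host that triggered the rule) is used.
    """
    m = SRC_IP_RE.search(alert)
    if not m:
        return default
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:  # garbled or non-IP value in the field
        return default
    for net, name in subnets:
        if ip in net:  # a mismatched IP version never matches
            return name
    return default


def split_alerts(text, subnets=TENANT_SUBNETS, default=DEFAULT_TENANT):
    """Group alert blocks by tenant; returns {tenant: [alert_text, ...]}."""
    groups = defaultdict(list)
    for alert in iter_alerts(text):
        groups[tenant_for(alert, subnets, default)].append(alert)
    return dict(groups)


def write_split(text, out_dir, subnets=TENANT_SUBNETS, default=DEFAULT_TENANT):
    """Append each tenant's alerts to <out_dir>/<tenant>.log and return counts.

    One file per tenant lets a Splunk universal forwarder monitor each file
    with its own index, so the routing happens before indexing.
    """
    os.makedirs(out_dir, exist_ok=True)
    groups = split_alerts(text, subnets, default)
    for tenant, alerts in groups.items():
        path = os.path.join(out_dir, tenant + ".log")
        with open(path, "a", encoding="utf-8") as fh:
            for alert in alerts:
                fh.write(alert + "\n\n")
    return {tenant: len(alerts) for tenant, alerts in groups.items()}


# Constructed sample in the alerts.log layout; these are not real alerts.
SAMPLE_ALERTS = """** Alert 1402321412.12345: - syslog,sshd,authentication_failed,
2014 Jun 09 14:23:32 (agent01) 10.10.3.7->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 10.10.5.44
User: root
Jun  9 14:23:31 agent01 sshd[1234]: Failed password for root from 10.10.5.44 port 4123 ssh2

** Alert 1402321500.12400: - syslog,sshd,authentication_failed,
2014 Jun 09 14:25:00 (agent02) 192.168.1.20->/var/log/auth.log
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 192.168.1.99
User: admin
Jun  9 14:24:59 agent02 sshd[2222]: Failed password for admin from 192.168.1.99 port 5000 ssh2

** Alert 1402321600.12500: - ossec,rootcheck,
2014 Jun 09 14:26:40 (agent01) 10.10.3.7->rootcheck
Rule: 510 (level 7) -> 'Host-based anomaly detection event (rootcheck).'
Hidden process detected on the system.
"""

if __name__ == "__main__":
    for tenant, alerts in sorted(split_alerts(SAMPLE_ALERTS).items()):
        print(tenant, len(alerts))
```

In practice you would tail alerts.log rather than read it whole, and point the forwarder at the per-tenant files under the chosen output directory, each with its own index stanza. Routing on "Src IP" rather than the agent IP is a deliberate choice here: the agent is where the event was observed, not necessarily the tenant the traffic belongs to.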