So here is my plan for a global cloud arch (systems very volatile)
- "Local" install
- Alert via Syslog to central server on dedicated "facility"
- Local syslog goes to central server
- Central console (Graylog2?) parsing all syslog for custom correlation
Should scale to tens of thousands. We'll se
Very nice, that is about the size I am looking at.
Plan so far is a physical OSSEC in each data center taking in feeds from
about 2-4K hosts per DC. (5 DCs)
Each of the OSSEC servers would then send the results to Splunk via a local
splunk agent and then I'll use the splunk app for OSSEC or writ
I am running an OSSEC server compiled to handle 10K hosts with over 1K
already deployed. In 2 weeks I will be doubling my hosts and by the
end of April I will have over 4K.
Taking in events via native ossec and sending via remote rsyslog to
parse. Roughly 200K events an hour.
Server is RH EL on
I would like to know as well.
Dan
On Mar 31, 2012, at 5:44 PM, Zate wrote:
> Anyone running OSSEC on 1000+ hosts that wants to share some tips/
> tricks on a good architecture for large installs? Hardware tips,
> deployment tips, management tips?
>
> Don't mind discussing off list if that make
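Both the per-DC plan above (OSSEC alerts forwarded over syslog to a central console for "custom correlation") and Dan's setup (native OSSEC intake, alerts shipped via remote rsyslog to be parsed) end up with the same central job: parse the forwarded alert lines and run correlations that no single OSSEC server can do on its own. The script below is an added example, not code from the thread, from OSSEC or from Graylog2/Splunk. It assumes the alert layout produced by OSSEC's client-syslog output (`ossec: Alert Level: N; Rule: R fired (...); Location: (agent) ip->file; srcip: ...`); the regex is my reading of that format and the sample lines are constructed, so adjust `ALERT_RE` to whatever your own server actually emits. It counts alert volume per rule (the first thing to look at when tuning a multi-thousand-host install) and flags a source IP whose failed-SSH alerts hit several distinct agents, across DCs, inside one time window.

```python
"""Parse OSSEC alerts forwarded over syslog and run a cross-host correlation."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not from the thread). The alert layout follows
# OSSEC's client-syslog output as I understand it; treat it as an assumption.
SAMPLE_LINES = [
    "Mar 31 17:44:01 ossec-dc1 ossec: Alert Level: 5; Rule: 5716 fired (SSHD authentication failed.); Location: (web01) 10.0.1.11->/var/log/secure; srcip: 203.0.113.5; Mar 31 17:44:00 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "Mar 31 17:44:09 ossec-dc1 ossec: Alert Level: 5; Rule: 5716 fired (SSHD authentication failed.); Location: (web02) 10.0.1.12->/var/log/secure; srcip: 203.0.113.5; Mar 31 17:44:08 web02 sshd[8812]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2",
    "Mar 31 17:44:15 ossec-dc2 ossec: Alert Level: 5; Rule: 5716 fired (SSHD authentication failed.); Location: (db07) 10.0.2.7->/var/log/secure; srcip: 203.0.113.5; Mar 31 17:44:14 db07 sshd[410]: Failed password for root from 203.0.113.5 port 51251 ssh2",
    "Mar 31 17:50:02 ossec-dc3 ossec: Alert Level: 7; Rule: 5402 fired (Successful sudo to ROOT executed); Location: (app03) 10.0.3.3->/var/log/secure; Mar 31 17:50:01 app03 sudo: dan : TTY=pts/0 ; PWD=/home/dan ; USER=root ; COMMAND=/bin/bash",
    "Mar 31 18:30:40 ossec-dc2 ossec: Alert Level: 5; Rule: 5716 fired (SSHD authentication failed.); Location: (db09) 10.0.2.9->/var/log/secure; srcip: 198.51.100.9; Mar 31 18:30:39 db09 sshd[777]: Failed password for root from 198.51.100.9 port 40001 ssh2",
    "this line is not an ossec alert at all",
]

# Syslog header (timestamp, forwarding OSSEC server) followed by the OSSEC alert
# fields. The trailing "srcip" field is optional: not every rule carries one.
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<server>\S+) ossec: "
    r"Alert Level: (?P<level>\d+); Rule: (?P<rule>\d+) fired \((?P<desc>[^)]*)\); "
    r"Location: \((?P<agent>[^)]+)\) (?P<agent_ip>\S+)->(?P<logfile>[^;]+);"
    r"(?: srcip: (?P<srcip>\S+);)?"
)


def parse_alert(line, year=2012):
    """Return the alert fields as a dict, or None if the line is not an OSSEC alert.
    Classic syslog timestamps carry no year, so the caller supplies one."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%b %d %H:%M:%S").replace(year=year)
    d["level"] = int(d["level"])
    d["rule"] = int(d["rule"])
    return d


def count_by_rule(lines):
    """Alert volume per rule id, across every forwarding server."""
    counts = defaultdict(int)
    for line in lines:
        a = parse_alert(line)
        if a:
            counts[a["rule"]] += 1
    return dict(counts)


def spraying_sources(lines, rule=5716, min_agents=3, window_seconds=600):
    """Cross-host correlation: source IPs whose alerts for `rule` hit at least
    `min_agents` distinct agents inside any window of `window_seconds`.
    Each OSSEC server only sees its own DC; the central console sees all of them."""
    per_src = defaultdict(list)
    for line in lines:
        a = parse_alert(line)
        if a and a["rule"] == rule and a["srcip"]:
            per_src[a["srcip"]].append((a["ts"], a["agent"]))
    hits = {}
    for src, events in per_src.items():
        events.sort()
        for i in range(len(events)):
            agents = set()
            for ts, agent in events[i:]:
                if (ts - events[i][0]).total_seconds() > window_seconds:
                    break
                agents.add(agent)
            if len(agents) >= min_agents:
                hits[src] = sorted(agents)
                break
    return hits


if __name__ == "__main__":
    print("alerts per rule:", count_by_rule(SAMPLE_LINES))
    print("sources hitting many agents:", spraying_sources(SAMPLE_LINES))
```

At the 200K events/hour Dan mentions, the per-line regex is cheap; what matters is keeping the correlation state bounded (drop events older than the window as you stream rather than holding everything, as this illustration does for clarity) and making sure the forwarding servers and the central console agree on a year and timezone, since the classic syslog timestamp carries neither.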
Anyone running OSSEC on 1000+ hosts that wants to share some tips/
tricks on a good architecture for large installs? Hardware tips,
deployment tips, management tips?
Don't mind discussing off list if that makes it easier.
thanks.