Splunk & Ossec intergration

0	Splunk seems like an all around tool. What is the advantage of incorporating the Ossec system into or with Splunk? performance configuration monitoring asked 30 Apr '10, 19:38 monitor 1●1 accept rate: 0%

3 Answers:

oldest newest most voted

1	One that i can think of is that you can summarize data, or customize reports from Splunk, using OSSEC as an input. link answered 05 May '10, 12:10 rayfoo 178●1●1●10 accept rate: 12%

Users incorporate OSSEC alerts into Splunk to eliminate the need for a dedicated OSSEC web interface and allow for simplified incident analysis through aggregation and correlation.

Check out the app on Splunkbase: http://www.splunkbase.com/apps/All/4.x/app:Splunk+for+OSSEC+-+Splunk+v4+version

And an older blog detailing the value one company finds: http://www.ossec.net/main/splunk-ossec-integration

link

answered 08 Sep '10, 22:26

esweeney
562●8
accept rate: 40%

The reporting and searching is much easier using SPLUNK to look at & do searches on the OSSEC data. The newest version of SPLUNK and the OSSEC plugin give you a whole new set of features.

I've not updated to the 2.5.1 version, I'm still on 2.4, but I think I'll give it a try, x.x.1 just came out.

link

answered 20 Oct '10, 17:51

jhuebner
1●1●3
accept rate: 66%

Post your answer

toggle preview

Follow this question

Email:

RSS:

Answers

Answers + Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

configuration ×309
performance ×147
monitoring ×103

Asked: 30 Apr '10, 19:38

Seen: 1,719 times

Last updated: 20 Oct '10, 17:51

Splunk & Ossec intergration

Follow this question

Splunk Resources

Related questions