[ Thanks to Jane Walker for this link. ]
“OSSEC is an open source host-based IDS/IPS that has two major
modes of operation. In my last tip (link to previous OSSEC tip), I
discussed how to install a stand-alone instance of OSSEC to run on
a single machine. In this tip, I will look at OSSEC’s other mode of
operation–a server and agent model.

“In this mode, a central OSSEC server manages a series of remote
OSSEC agents. The agents generate alerts and regular status
reports, and these are forwarded to the central server and
notifications generated…”