Hi.
I'm trying this:
[Splunk Add-on for OSSEC][1]
[Reporting and Management for OSSEC][2]
Some logs are not parsing properly, and the log structure that does get parsed has a lot of duplicated information in the fields.
I mean these logs do not give me great results for monitoring, and **to be honest, in 80% of cases I can get more useful information from the raw data than from the add-on's processed output**.
And it seems to me that I need to somehow reconfigure the OSSEC conf.
(But I haven't found any information; the Splunk docs have little information about it.)
**My question**: if you can, give me more information about OSSEC & Splunk integration: blogs, other implementations, tricks to monitor better with OSSEC.
Thanks!
[1]: https://splunkbase.splunk.com/app/2808/
[2]: https://splunkbase.splunk.com/app/300/