IDS mailing list archives
OSSEC vs Samhain HIDS discussion
From: Mattieu Puel <vodmat.news () gmail com>
Date: Sun, 10 Aug 2008 18:03:04 +0200
Hi all,

I am looking for a HIDS for mass deployment on Unix systems (~= 1200 Linux/Solaris/AIX). I need a centralized system (in order to simplify administration), excluding tripwire/aide/integrit and the like. At this point in my research, I have the feeling that OSSEC or Samhain would be the right solution. I need centralized config files/databases and multiple ways of processing logs (mail/syslog/dbs/scripts..). Managing configuration files for different types of systems/archs is also an important concern.

Here are a few questions I would like to submit to the list:

- Which is the most serious, most stable, easiest to use and most full-featured of those two?
- Which one is the most widespread in huge organizations?
- Are there other solutions that would meet my needs?
- Are there well-known issues in using samhain or ossec?
- Samhain and ossec seem unable to correlate alerts (avoiding mass mailing when the same error is encountered on all hosts). Is that true? Does some other tool do the job?

Sorry about my weird English..

Thanks for any post.

--
Admit your mistakes before someone else exaggerates them. -*- Andrew Mason -*-
Current thread:
- OSSEC vs Samhain HIDS discussion Mattieu Puel (Aug 11)