Hi All, I'm currently running OSsec as a HIDS agent on my various servers (in standalone mode. I'd like to be more proactive with centralized logging, IPS, etc etc etc, so when I ran across OSSim it perked my curiosity. I'm looking into the idea of setting up an ocsec server and using reinstalling the server agents in agent mode, reporting to that server...or OSSim...which looks very interesting and seems to have alot more than functionality than simply OSSEC. I'm very curious as to what anyone else thinks? If they've had experiences with either system in a client server mode for centralized logging. I'd also love to hear any other recommendations for this issue that people have had success with. Thanks! Tfunk
