The standalone or local configuration is perfect for managing a single server. If you have multiple servers, you'll want to use OSSEC in the server-agent model. Utilizing a server-agent model will allow agents to aggregate events and the server to make more informed decisions when alerting or taking an action.
In this example, we assume that the:
We also assume that you have successfully installed OSSEC. Otherwise, you can install it from the source or with a binary installer. To install from a source, use the
install.sh command and select
server as the installation ...