Anyone here using OSSEC for a host based IDS in a Windows environment? If so, how do you like it?
I've been toying with it for a while and have it deployed on many of my servers. The server portion will only run on Linux but the agent runs well on Windows.
I've recently written a decoder and ruleset to filter Windows DHCP logs. I needed a way to prove which machine got which IP address and I didn't want to set up static reservations for all the hosts. The Windows DHCP logs get overwritten after only one week. This decoder and ruleset was released with version 2.1 about a month ago. http://www.ossec.net/main/ossec-v21-released
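As an added example (not the OSSEC decoder or ruleset from the 2.1 release, and not the poster's code), the script below shows the kind of parsing such a decoder has to do over Windows DHCP server audit-log lines, and answers the question the post raises: which host held a given IP at a given time. The log lines are constructed for the example; the column layout (ID,Date,Time,Description,IP Address,Host Name,MAC Address,...) and the event IDs 10/11/12 for Assign/Renew/Release follow the DhcpSrvLog-*.log format. Function names are my own.

```python
import csv
import io
import ipaddress
from datetime import datetime

# Windows DHCP audit-log rows: ID,Date,Time,Description,IP Address,Host Name,MAC Address,...
# Event IDs that change who holds an address: 10 = new lease, 11 = renew, 12 = release.
LEASE_EVENTS = {"10": "assign", "11": "renew", "12": "release"}
TS_FORMAT = "%m/%d/%y %H:%M:%S"

# Constructed sample log (not a real capture). It keeps the free-text header
# block the real file has, plus one deliberately malformed row.
SAMPLE_LOG = """\
\t\tMicrosoft DHCP Service Activity Log

Event ID  Meaning
00        The log was started.
10        A new IP address was leased to a client.
11        A lease was renewed by a client.
12        A lease was released by a client.

ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,07/15/09,00:00:03,Started,,,,
10,07/15/09,08:12:45,Assign,192.168.1.50,ws-alice.corp.example,0015C5AABB01,
11,07/15/09,12:30:10,Renew,192.168.1.50,ws-alice.corp.example,0015C5AABB01,
12,07/15/09,17:05:00,Release,192.168.1.50,ws-alice.corp.example,0015C5AABB01,
10,07/15/09,17:06:31,Assign,192.168.1.50,laptop-bob.corp.example,0015C5AABB02,
10,07/15/09,17:06:31,Assign,not-an-ip,bogus,0015C5AABB03,
"""


def parse_dhcp_log(text):
    """Return lease events as dicts; header lines, non-lease IDs and
    malformed rows are skipped rather than guessed at."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 7 or row[0] not in LEASE_EVENTS:
            continue  # header block, Started/Stopped, unknown event IDs
        event_id, date, time, _desc, ip, host, mac = row[:7]
        try:
            ts = datetime.strptime(f"{date} {time}", TS_FORMAT)
            ipaddress.ip_address(ip)  # reject rows whose IP field is garbage
        except ValueError:
            continue
        events.append({
            "ts": ts,
            "action": LEASE_EVENTS[event_id],
            "ip": ip,
            "host": host,
            "mac": mac.lower(),
        })
    return events


def who_had_ip(events, ip, at):
    """Return (host, mac) holding `ip` at time `at` ("MM/DD/YY HH:MM:SS"),
    or None if the address was unleased at that moment."""
    when = datetime.strptime(at, TS_FORMAT)
    holder = None
    # sorted() is stable, so rows sharing a timestamp keep file order
    for ev in sorted((e for e in events if e["ip"] == ip), key=lambda e: e["ts"]):
        if ev["ts"] > when:
            break
        holder = None if ev["action"] == "release" else (ev["host"], ev["mac"])
    return holder


def ip_handovers(events):
    """List (ts, ip, old_mac, new_mac) whenever an address is assigned to a
    different MAC than its previous holder; this is what a rule would alert on
    when reconstructing which machine was behind an address."""
    last_mac = {}
    handovers = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] != "assign":
            continue
        prev = last_mac.get(ev["ip"])
        if prev is not None and prev != ev["mac"]:
            handovers.append((ev["ts"], ev["ip"], prev, ev["mac"]))
        last_mac[ev["ip"]] = ev["mac"]
    return handovers


if __name__ == "__main__":
    evs = parse_dhcp_log(SAMPLE_LOG)
    print(who_had_ip(evs, "192.168.1.50", "07/15/09 10:00:00"))
    print(who_had_ip(evs, "192.168.1.50", "07/15/09 17:05:30"))
    print(who_had_ip(evs, "192.168.1.50", "07/15/09 18:00:00"))
    for ts, ip, old, new in ip_handovers(evs):
        print(f"{ts} {ip} moved from {old} to {new}")
```

The point of the `ip_handovers` pass is that an IP on its own proves nothing once the lease rolls over; keeping the MAC next to the timestamp is what lets you tie an address back to a machine after the one-week log window has gone.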