David Bianco released a test version of an agent that can take events from
OSSEC and insert them into Sguil as alerts. This is his full msg to the ossec-list:
I’ve put together a test release of an agent that can take events from
the OSSEC alert.log and insert them into Sguil as alerts. It’s based
on the example agent that comes with sguil 0.7.0 (in CVS). It’s pretty
rough code at the moment, but I think I got most of the crash bugs out
of it. Still, I wouldn’t run it on production Sguil servers without
testing it yourself.You can fetch the code from: