Understanding ossec and VMs: does a server perform an agent's work too?

Question

So I have a mac host and some virtual machines. I want to use ossec to monitor my virtual machines and my host, mac OS X lion. (I've already fixed the compliation issue with lion, it compiled). See this

I'm having trouble understanding what all the server and agent's roles are. If you only want ossec to run locally, you set up under local. But I have VMs to monitor, so I must select sever. But does server do what agent does on the host, as in, is there some kind of agent functionality to ensure that the same monitoring and checking is also occurring on the server just as it is on the VMs with agent?

If not, then how do I make sure that the host is also being monitored with ossec? What I had thought was that ossec would have to be set up on the host as both a server and client, but if you go to run the installer twice, it will want to delete the server's installation and remake it as an agent only.

Answer 1

The server does all the things an agent does, and on top of that it centralizes log collection and processing. You don't need to install OSSEC as server and agent on your server, just as server.