On Fri, Jul 6, 2018 at 3:46 AM, VIGOUROUX Mael <mael.vigour...@fr.thalesgroup.com> wrote:
> Hello everyone,
>
> I’m currently trying to link OSSEC 2.9 with Prelude 4.1. I created a virtual network with some Debian 9 VMs; I have one where I put my OSSEC agent and another where I installed the server. I want to send the OSSEC output to a third machine where Prelude is implemented. I configured Prelude output for OSSEC. Nevertheless, the OSSEC server doesn’t send anything. This is not a problem of IP because I can ping, and this is not a problem of firewall because there is none.
>
> I tried to put Prelude and the OSSEC server on the same machine with the same configuration and it is working. So now I’m doubting that Prelude and OSSEC can communicate on different physical servers. There isn’t any documentation on how the communication works, or I didn’t find it. If you have any knowledge on the subject, could you explain it to me?
>
It looks like `ossec-analysisd` calls `prelude_client_send_idmef` after creating the IDMEF payload. Then the prelude magic happens? All of the OSSEC stuff is in `src/analysisd/output/prelude.[ch]`. I don't think it's been touched in a while though.

> Thanks in advance

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.