Hi Martin,
I'm glad to know that everything is OK.
Your firewall configuration for the manager is good, filtering by source IP
is fine.
However the configuration for the agent should filter by source port,
because we do not know which port the agent communicates from.
I mean, the agent does
Hello,
Thank you for your answers!
This is finally working; what I had to do was to allow the traffic through
1514 with the following:
*On the agent :*
- sudo iptables -D INPUT -j DROP
- iptables -A INPUT -p UDP --dport 1514 -s 10.0.0.1 -j ACCEPT
- iptables -A INPUT -p UDP --dport
Hi Martin,
please give us a clue: do you see any issue in the logs?
For example, when the agent switches to another server you should see logs
such as:
ossec-agentd: INFO: Closing connection to server (10.0.0.1:1514).
ossec-agentd: INFO: Trying to connect to server (10.0.0.2:1514).
If the agent
On Wed, Apr 5, 2017 at 11:32 AM, Martin wrote:
> Hello Victor,
>
> I tried to run a second manager and I've the same file
> /var/ossec/etc/client.keys on it and on the first manager. I've copied the
> local_rules, ossec.conf, local_decoder as well.
>
> And I've specified on
Hello Victor,
I tried to run a second manager and I've the same file
/var/ossec/etc/client.keys
on it and on the first manager. I've copied the local_rules, ossec.conf,
local_decoder as well.
And I've specified on the agents to listen on him as you told me:
10.0.0.1 10.0.0.2
My first
Sorry I forgot to mention Chef, you can definitely use it to deploy your
agents.
If you are interested in it, take a look at:
https://github.com/sous-chefs/ossec.
Best regards.
On Tue, Apr 4, 2017 at 2:55 PM, Martin wrote:
> Is it possible to deploy them (agents) easily
Is it possible to deploy them (agents) easily via Chef?
Thank you again for your answers!
Best regards.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
Hi Martin,
there are actually some options to deploy agents, you can use Puppet or
Ansible to make a large deployment. A very simple unattended installation
could be installing the agent with preloaded variables. You can find the file
etc/preloaded-vars.conf in the source code, fill it (uncomment and
I know it is possible with "Unattended Source Installation" but I'd still
have to manually add these agents on the manager, or is there another way? :)
Hi Victor,
Now that I know it is possible to have a second manager in case the first
one stops running, I'm wondering, is there a proper way to copy the first
manager to duplicate it? That way I won't have to configure the second
manager as I did with the first one.
And I was looking as well
Hi Martin,
when agents connect to manager, the latter sends an ACK message to confirm
that the connection is established. From that moment on, agents send data
with no arrival confirmation. This means that, if the server went down,
agents would keep sending data, which will be lost.
There is a
Hello everyone,
I was wondering, what happens if the "manager" bugs / shuts down?
It might sound stupid but what behavior will the agents have? Will they
make my server bug, consume too much CPU/RAM or try to send messages all
the time, etc.?
Is there a way to have a second manager as a