Re: [ossec-list] Redundancy manager (backup)

2017-04-11 Thread Victor Fernandez
Hi Martin, I'm glad to know that everything is OK. Your firewall configuration for the manager is good; filtering by source IP is fine. However, the configuration for the agent should filter by source port, because we do not know which port the agent communicates from. I mean, the agent does

Re: [ossec-list] Redundancy manager (backup)

2017-04-11 Thread Martin
Hello, Thank you for your answers! This is finally working, what I had to do was to allow the traffic through 1514 with the following: *On the agent:* - sudo iptables -D INPUT -j DROP - iptables -A INPUT -p UDP --dport 1514 -s 10.0.0.1 -j ACCEPT - iptables -A INPUT -p UDP --dport

Re: [ossec-list] Redundancy manager (backup)

2017-04-10 Thread Victor Fernandez
Hi Martin, please give us a clue: do you see any issue in the logs? For example, when the agent switches to another server you should see logs such as: ossec-agentd: INFO: Closing connection to server (10.0.0.1:1514). ossec-agentd: INFO: Trying to connect to server (10.0.0.2:1514). If the agent

Re: [ossec-list] Redundancy manager (backup)

2017-04-06 Thread dan (ddp)
On Wed, Apr 5, 2017 at 11:32 AM, Martin wrote: > Hello Victor, > > I tried to run a second manager and I've the same file > /var/ossec/etc/client.keys on it and on the first manager. I've copied the > local_rules, ossec.conf, local_decoder as well. > > And I've specified on

Re: [ossec-list] Redundancy manager (backup)

2017-04-05 Thread Martin
Hello Victor, I tried to run a second manager and I've the same file /var/ossec/etc/client.keys on it and on the first manager. I've copied the local_rules, ossec.conf, local_decoder as well. And I've specified on the agents to listen on him as you told me: 10.0.0.1 10.0.0.2 My first

Re: [ossec-list] Redundancy manager (backup)

2017-04-04 Thread Victor Fernandez
Sorry, I forgot to mention Chef, you can definitely use it to deploy your agents. If you are interested in it, take a look at: https://github.com/sous-chefs/ossec. Best regards. On Tue, Apr 4, 2017 at 2:55 PM, Martin wrote: > Is it possible to deploy them (agents) easily

Re: [ossec-list] Redundancy manager (backup)

2017-04-04 Thread Martin
Is it possible to deploy them (agents) easily via chef? Thank you again for your answers! Best regards.

Re: [ossec-list] Redundancy manager (backup)

2017-04-04 Thread Victor Fernandez
Hi Martin, there are actually some options to deploy agents, you can use Puppet or Ansible to make a large deployment. A very simple unattended installation could be installing the agent with preloaded variables. You can find the file etc/preloaded-vars.conf in the source code, fill it (uncomment and

Re: [ossec-list] Redundancy manager (backup)

2017-04-04 Thread Martin
I know it is possible with "Unattended Source Installation" but I'd still have to add manually these agents on the manager or is there another way :) ?

Re: [ossec-list] Redundancy manager (backup)

2017-04-04 Thread Martin
Hi Victor, Now that I know it is possible to have a second manager in case the first one stops running. I'm wondering, is there a proper way to copy the first manager to duplicate it? Like that I won't have to configure the second manager as I did with the first one. And I was looking as well

Re: [ossec-list] Redundancy manager (backup)

2017-04-03 Thread Victor Fernandez
Hi Martin, when agents connect to the manager, the latter sends an ACK message to confirm that the connection is established. From that moment on, agents send data with no arrival confirmation. This means that, if the server went down, agents would keep sending data, which will be lost. There is a

[ossec-list] Redundancy manager (backup)

2017-04-03 Thread Martin
Hello everyone, I was wondering, what happens if the "manager" bugs / shuts down? It might sound stupid but what behavior will the agents have? Will they make my server bug, consume too much CPU/RAM or try to send messages all the time, etc.? Is there a way to have a second manager as a