That was the answer to my dynamic port question Thanks
-----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Cid Sent: Thursday, August 10, 2006 12:44 PM To: [email protected] Subject: [ossec-list] Re: Does ossec-agent on Windows require to listen at udp port 3911 No, you don't need to open it in agent. It is probably just a random port chosen as the source port for the connections to the server. Just make sure to allow ports 1514 in the server and outbound 1514 (keeping state) in the agent side. Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On 8/10/06, Martin Leung <[EMAIL PROTECTED]> wrote: > Hi list, > > I found the following event log from an Ossec Windows agent: > > The Windows Firewall has detected an application listening for incoming > traffic. > > Name: - > Path: C:\Program Files\ossec-agent\ossec-agent.exe > Process identifier: 2084 > User account: SYSTEM > User domain: NT AUTHORITY > Service: Yes > RPC server: No > IP version: IPv4 > IP protocol: UDP > Port number: 3911 > Allowed: No > User notified: No > > Do I have to allow the traffic? > > Rgds. > Martin > > >
