Good deal! That makes my life that much more simple. Thanks!
> -----Original Message----- > From: [email protected] [mailto:[EMAIL PROTECTED] > On Behalf Of Daniel Cid > Sent: Monday, September 11, 2006 2:18 PM > To: [email protected] > Subject: [ossec-list] Re: How to PIX > > > Hi Marty, > > If you don't add any "allowed-ips" entry, everything will be denied (as > it is after the install). You are doing it correctly, but if your > network is large, you can give a CIDR after the IP. For example: > > <allowed-ips>10.0.0.0/24</allowed-ips> > > or > > <allowed-ips>192.168.2.0/16</allowed-ips> > > Hope it helps.. > > -- > Daniel B. Cid > dcid ( at ) ossec.net > > On 9/11/06, Marty E. Hillman <[EMAIL PROTECTED]> wrote: > > > > If I want to trap the syslog from more than one device, am I assuming > > correctly that I would configure ossec.conf as follows? > > > > <remote> > > <connection>syslog</connection> > > <allowed-ips>10.0.0.1</allowed-ips> > > <allowed-ips>10.0.0.2</allowed-ips> > > </remote> > > > > Or, better yet... Would I leave the <allowed-ips> entry blank as it > > is in the default file to allow all syslog messages that are directed > > to the box? > > > > Thanks in advance. > > > > > -----Original Message----- > > > From: [email protected] > > > [mailto:[EMAIL PROTECTED] > > > On Behalf Of Daniel Cid > > > Sent: Monday, August 28, 2006 2:13 PM > > > To: [email protected] > > > Subject: [ossec-list] Re: How to PIX > > > > > > > > > Check out these two links (for the pix side): > > > > > > http://www.ossec.net/wiki/index.php/Cisco_PIX > > > > > > http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_no > > t > > > e09186a0080094030.shtml#configpix|cisco > > > > > > For ossec, you just need to allow the cisco IP address in your > > > syslog configuration and restart ossec. > > > > > > <remote> > > > <connection>syslog</connection> > > > <allowed-ips>pix-ip</allowed-ips> > > > </remote> > > > > > > Hope it helps.. > > > > > > -- > > > Daniel B. Cid > > > dcid ( at ) ossec.net > > > > > > > > > On 8/28/06, Dennis Borkhus-Veto <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > > > > > > How can I have my Pix send messages to my ossec server? > > > > > > > > > > > > > > > > Sincerely > > > > > > > > Dennis Borkhus-Veto > > > > Systems Administrator > > > > MEE Material Handling L.L.C > > > > [EMAIL PROTECTED] > > > > > > > > > > > > This electronic mail (including any attachments) may contain > > information that is privileged, confidential, and/or otherwise > > protected from disclosure to anyone other than its intended > > recipient(s). Any dissemination or use of this electronic email or > its > > contents (including any attachments) by persons other than the > > intended recipient(s) is strictly prohibited. If you have received > > this message in error, please notify us immediately by reply email so > > that we may correct our internal records. Please then delete the > original message (including any attachments) in its entirety. Thank > you. > > > > > >
