Hi,
I'd like to know if there is any workaround for the issue of having
multiple agents with the same ip causing those 'incorrectly formatted
message' errors in the ossec logs. I have a remote ossec server which
has some windows agents reporting into it from another location, but
because they all are behind the same router they have the same ip
address. For various reasons, it's not possible for me to put the ossec
server on the inside of that network, so the next best thing was to have
the agents report outside to a remote server. But it only works if there
is just one agent from that ip.
One way I can think of is to keep a permanent vpn tunnel
established between the ossec server and the router with the windows
agents behind it, that way they will have unique private ip addresses,
but is there a simpler way to go about this? Any suggestions are
welcome, so don't be shy! ;)
