Question: If I have cisco routers or pix firewalls that are behind a NAT device
and I want to have these devices send syslogs to the OSSEC HIDS server, what do
I need to do? Would there be any problems doing this?
Black CryptoKnight <[EMAIL PROTECTED]> wrote: That's great news! I'll give it a
whirl.
Daniel Cid <[EMAIL PROTECTED]> wrote:
Hi BC,
I think your feature request is already present in our latest version (1.0).
We now support dynamic ip addresses in the server/agent communication,
so you can configure all your agents behind the nat with the same IP
address/netmask ...
For example, lets say that you have systems 192.168.1.2, 3, 4 behind a nat
server that connects to network 192.168.2.0/24 with the ossec server on
it.
On the manage agents tool, add each one of those agents on the server using
the following format:
Please provide the following:
* A name for the new agent: agent-1
* The IP Address of the new agent: 192.168.2.0/24 (always using the
whole network
as the ip)
Since the ossec server is going to see them as if they were comming from the
nat
server (192.168.2.x ip), it should work. Make sure to use one separate key for
each agent...
Hope it helps.
--
Daniel B. Cid
dcid ( at ) ossec.net
Visit Jamaica's Tech Portal http://www.techjamaica.com
---------------------------------
Never Miss an Email
Stay connected with Yahoo! Mail on your mobile. Get started!
---------------------------------
Looking for earth-friendly autos?
Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
