John,

My understanding and experience of the architecture is that the
server does all the checking and alerting. The clients pass along
to the server what might be "interesting" information: log entries
and file metadata. The server decides what of the information is
important enough to alert about.

So while the server is down, the agents will continue to queue up
"interesting" information. When the server comes back on-line, the
agents send their information to the server and it decides what to send
out alerts (or active responses) about.

So the agents will continue to check the metadata about their files
-- but the server holds the file integrity database for the agents.
The agents don't know if a file has changed or not, the server
determines that. Once the server is back, it will compare the
information the agents send about files with the database to
determine what has changed.

I hope that helps,
-David

Verlag Neue Stadt wrote:
> Hello,
>
> we are contemplating using OSSEC and would like to know:
>
> What happens if the OSSEC server is down? Are the clients able
> to continue to check the integrity of the client/agent?
>
>
>
> Thanks a lot for any feedback!
>
> John
--
_______________________________________________
GPG (http://www.gnupg.org/) key available from:
http://www.kayakero.net/per/david/
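
A minimal model of the agent/server split described in the reply above, as an added example that is not part of the original message and is not OSSEC code. The class names, the unbounded in-memory queue, the SHA-256 checksum and the sample file are assumptions made for illustration.

```python
import hashlib
from collections import deque


class Server:
    """Holds the integrity database; the only place a change is decided."""

    def __init__(self):
        self.online = True
        self.baseline = {}  # (agent name, path) -> last known checksum
        self.alerts = []    # (agent name, path) for every detected change

    def receive(self, agent, path, checksum):
        known = self.baseline.get((agent, path))
        if known is not None and known != checksum:
            self.alerts.append((agent, path))
        self.baseline[(agent, path)] = checksum


class Agent:
    """Collects file metadata only; it keeps no baseline of its own."""

    def __init__(self, name, server):
        self.name, self.server = name, server
        self.queue = deque()  # assumption: unbounded; real limits not modeled

    def scan(self, files):
        for path, content in files.items():
            self.queue.append((path, hashlib.sha256(content).hexdigest()))
        self.flush()

    def flush(self):
        # Events leave the queue only while the server is reachable.
        while self.server.online and self.queue:
            path, checksum = self.queue.popleft()
            self.server.receive(self.name, path, checksum)


def demo():
    server = Server()
    agent = Agent("web01", server)
    files = {"/etc/passwd": b"root:x:0:0\n"}  # constructed sample content
    agent.scan(files)                         # server records the baseline
    server.online = False                     # outage begins
    files["/etc/passwd"] += b"newuser:x:1001:1001\n"
    agent.scan(files)                         # change is seen but only queued
    during_outage = (list(server.alerts), len(agent.queue))
    server.online = True                      # server returns
    agent.flush()                             # queued metadata is compared now
    return during_outage, list(server.alerts)
```

The gap between `during_outage` and the final alert list is the detection delay a server outage introduces: the change is recorded by the agent but nobody is alerted until the server is back.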