I understand that you can do something like this on the agents:
  <client>
    <server-ip>10.11.12.1</server-ip>
    <server-ip>10.11.12.2</server-ip>
    <server-ip>10.11.12.3</server-ip>
  </client>
If 10.11.12.1 goes down, then events go to 10.11.12.2. Is that
correct?
When 10.11.12.1 comes back up, will the clients return to sending
events to it or continue sending events to 10.11.12.2 until it goes
down?
If you share the /var/ossec directory structure between the hosts
(e.g. NFS), will there be any problems?
TM
On Jul 2, 10:10 am, tm <[email protected]> wrote:
> Was wondering if anyone has tried this?
>
> We'd like to move OSSEC to production on a pair of load balanced
> hosts. Assuming a shared file system in which /var/ossec is stored,
> can both servers be active or should one be passive and one active?
>
> Appreciate any comments from those who might have experience in this
> area.
>
> Cheers!
> TM