Hi Avi, I use OpenVPN http://www.openvpn.net/index.php/open-source.html to accomplish this. Ossec server is on local DMZ, Ossec agents on remote DMZ. Install OpenVPN server on your Ossec server. Install OpenVPN agents on your offsite systems. Configure OpenVPN server to listen on a port your offsite systems can access outbound. On my local DMZ firewall I limit access to the OpenVPN server port to trusted nets to keep out the riff-raff. Configure Ossec server to use the Ossec agents OpenVPN ip address. This setup can also then be used for other monitoring/management apps (Nagios,etc).
Jim -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of gthomson Sent: Tuesday, August 11, 2009 2:56 To: [email protected] Subject: [ossec-list] Re: Monitor remote servers Hi Avi, Can you create a physical pictorial view of what you'd like to be able to do? Something that can give the OSSec experts (not me... I'm a newbie :-) a logical picture of what you are trying to accomplish? Greg _____ Developer of EdWeb 2.0 Web hosting designed with teachers in mind! _____ -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Avi Glazer Sent: Monday, August 10, 2009 10:31 AM To: [email protected] Subject: [ossec-list] Monitor remote servers Hello, Does anyone know of a way to monitor servers that are not local to the ossec server? My ossec installation is hosted locally, and there are a few servers that I would like to monitor that are hosted offsite. While I don't mind opening ports on the firewall for the Internet-facing servers (web servers, for example), I really don't want to do so for the back-end database machines. From what I've seen so far, ossec looks for the incoming address of the monitored server. Is there a way to use ossec to monitor these machines without and giving them a live IP address opening them up to the Internet? Thanks in advance, Avi
