Hi all,
I'm testing with ossec at the moment with a very small user base - 2
Windows XP SP3 machines and an ubuntu 8.04 LTS server. The OSSEC server
and agent versions are both 2.1.1.
I have had no difficulty with one of the machines and I'm extremely
impressed by the software. However, the other machine, an XP laptop,
only sends information when it is connected via the IP with which it was
registered. When it is on the office wifi network it has a different IP
and the ossec.log shows the following warning:
ossec-remoted(1213): WARN: Message from X.X.X.X not allowed.
where X.X.X.X is the wifi adapter's IP.
I have tried to allow all possible IP addresses that could be assigned
by the DHCP server using the allowed-ips directive in the <remote>
section in ossec.conf on the server, but this has had no obvious effect.
<remote>
<connection>syslog</connection>
<allowed-ips>X.X.X.0/24</allowed-ips>
</remote>
<remote>
<connection>secure</connection>
<allowed-ips>X.X.X.0/24</allowed-ips>
</remote>
Most of the computers in the company have a wifi adapter and regularly
end up with one or another IP. Is there anyway I can get around this
problem? Can I wildcard the IP addresses when registering the client?
Regards,
Simon
