I know you can put in CIDR ranges (192.168.1.0/24) when registering clients. I do that now. If the wireless and wired networks are totally different IP ranges I'm not sure what the options are.
On Thu, Aug 13, 2009 at 10:04 AM, Simon Barrett<[email protected]> wrote: > > Hi all, > > I'm testing with ossec at the moment with a very small user base - 2 > Windows XP SP3 machines and an ubuntu 8.04 LTS server. The OSSEC server > and agent versions are both 2.1.1. > > I have had no difficulty with one of the machines and I'm extremely > impressed by the software. However, the other machine, an XP laptop, > only sends information when it is connected via the IP with which it was > registered. When it is on the office wifi network it has a different IP > and the ossec.log shows the following warning: > > ossec-remoted(1213): WARN: Message from X.X.X.X not allowed. > > where X.X.X.X is the wifi adapter's IP. > > I have tried to allow all possible IP addresses that could be assigned > by the DHCP server using the allowed-ips directive in the <remote> > section in ossec.conf on the server, but this has had no obvious effect. > > <remote> > <connection>syslog</connection> > <allowed-ips>X.X.X.0/24</allowed-ips> > </remote> > > <remote> > <connection>secure</connection> > <allowed-ips>X.X.X.0/24</allowed-ips> > </remote> > > > Most of the computers in the company have a wifi adapter and regularly > end up with one or another IP. Is there anyway I can get around this > problem? Can I wildcard the IP addresses when registering the client? > > Regards, > > Simon > > >
