I can confirm data loss between the manager shutdown and agent lock. Could the use of TCP assure data delivery?
On 19 Feb, 15:08, "Chris Kolb" <[email protected]> wrote:
> I too would like to know about this. This is related to a question I asked a
> week or so ago regarding events that seemingly get lost and never transmitted
> to the server -- if the clients buffer events and use TCP, there should be no
> loss.
>
> Chris Kolb
> Manager of Information Security
> GDSX, Ltd.
> Phone: 972-612-7121
> Fax: 972-612-7021
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On
> Behalf Of roger
> Sent: Wednesday, February 17, 2010 11:34 AM
> To: ossec-list
> Subject: [ossec-list] Re: Do OSSEC agents cache events when offline?
>
> +1
>
> Is there a way to have OSSEC deliver over TCP rather than UDP?
>
> On Feb 16, 1:39 am, Stefano Pedretti <[email protected]>
> wrote:
> > Hi all,
> > I want to know if OSSEC keeps events that happened when the manager is
> > offline/unreachable.
> > I know there is a lock status, but it seems that some events can be
> > lost.
>
> > Is this true? Is there a way to avoid event losses in lack-of-network
> > cases?
>
> > Thank you
