I
I have installed one agent on a (linux) host on a private network
behind a firewall connected to the net with a static public IP
address. This agent contact an Ossec server with also a static public
IP address. The Ossec server is also behind a firewall on which the
1514/UDP port is redirected to the private address of this server.
- On the server with manage-agent I give the public IP of the firewall
behind which the agent reside.
- On the client I have in ossec.conf:
<client>
<server-ip>public_IP_of_the_OSSEC_server</server-ip>
</client>
When I import the key I have a good message.
I run the agent and all is working fine.
The problem arise when I add a new agent. On the server I have two
agent with the same IP and the second agent can't connect to the
server (the first one continue working fine).
I have carefully read this doc :
http://www.ossec.net/doc/manual/agent/agent-dhcp-nat.html
I have tried to add the agent on the server with a CID format of IP
address : public_IP_of_the_agent/32 but no more job !
Do you know how can I circumvent this problem because it mean that I
need one Ossec server on each site ?
Anticipated thanks.
Best regards.
