On Mon, 13 Dec 2010 15:54:24 -0400 Daniel Cid <[email protected]> wrote:
> Hey, > > Thanks for the patch. Did you test it out to see if it works or > breaks anything? I am only worried if we restrict the size > somewhere else in the code, causing the large IDs to break... Thank you for the reply. My first reviews don't show any conflict, and I am using my patch in production, with the largest ID is "4006985916". I am not sure if ossec restricts the size of ID somewhere. It needs some minutes to read the code again and confirm. I will keep you posted. Regards, > On Fri, Dec 10, 2010 at 3:32 AM, Anh K. Huynh <[email protected]> > wrote: > > Hello, > > > > In current official release of OSSEC, the agent ID should have at > > most 8 characters. This may be an inconvenience way in some cases. > > > > For example, I have some machines provided by Amazon AWS. Each > > machine has its own ID (assigned by Amazon), for example > > "i-da2d3b90". If I convert this ID string to decimal integer, I > > will have "3660397456" whose length is 10 (>8). This means that I > > can't re-use Amazon ID as OSSEC agent identity, or each instance > > would have at least two kinds of ID: Amazon and Ossec :( > > > > So I suggest OSSEC to support a wider range of Agent ID: > > > > (a) support the pattern /^[a-z0-9]{1,8}/ in agent ID, *or* > > (b) support a longer pattern /^[0-9]{1,10}/ in agent ID. > > (Please note "ffffff" (16) = "4294967295" (10).) > > > > I've pushed a small changes for (b), as you can see in > > > > https://github.com/icy/ossec-hids/commit/75829aac03b128cd94e5c5d1324ebffce198f9cb > > (this version can't be merged directly to the 'master'). > > > > Thank you for reading and consideration. > > > > Regards, > > > > -- > > Anh Ky Huynh at UTC+7 > > > -- Anh Ky Huynh at UTC+7
