Thanks Daniel.
We changed it as below on the OSSEC server: /ossec/etc/ossec.conf but
it looks as if the clients are not able to "reach" the server.
<ossec_config>
<remote>
<port>1234</port>
</remote>
</ossec_config>
anything i'm missing?
On Jul 12, 1:31 am, Daniel Cid <[email protected]> wrote:
> Hi George,
>
> Only UDP port 1514 (making sure to keep state). So when an agent
> connects to the UDP port 1514 on the
> manager, it should be able to receive the response back on the same
> socket (similar to what you would
> have for a DNS client).
>
> Thanks,
>
> On Mon, Jul 11, 2011 at 7:09 AM, GeorgeY <[email protected]> wrote:
> > Hi all,
>
> > We have multiple sites which have a small number of hosts and we
> > wanted to monitor them from our HQ via a central OSSEC server.
> > Question: what ports do we need to have accessible from HQ and from
> > each individual remote site?
> > The documentation states port 1514 but is this catered specifically to
> > syslog?
>
> > Any advice is much appreciated.
>
> > Thanks,
> > George
