Sorry, this seems to be working. Is UDP the only option for ports or can we specify TCP?
On Jul 12, 3:58 pm, GeorgeY <[email protected]> wrote: > Thanks Daniel. > > We changed it as below on the OSSEC server: /ossec/etc/ossec.conf but > it looks as if the clients are not able to "reach" the server. > > <ossec_config> > <remote> > <port>1234</port> > </remote> > </ossec_config> > > anything i'm missing? > > On Jul 12, 1:31 am, Daniel Cid <[email protected]> wrote: > > > Hi George, > > > Only UDP port 1514 (making sure to keep state). So when an agent > > connects to the UDP port 1514 on the > > manager, it should be able to receive the response back on the same > > socket (similar to what you would > > have for a DNS client). > > > Thanks, > > > On Mon, Jul 11, 2011 at 7:09 AM, GeorgeY <[email protected]> wrote: > > > Hi all, > > > > We have multiple sites which have a small number of hosts and we > > > wanted to monitor them from our HQ via a central OSSEC server. > > > Question: what ports do we need to have accessible from HQ and from > > > each individual remote site? > > > The documentation states port 1514 but is this catered specifically to > > > syslog? > > > > Any advice is much appreciated. > > > > Thanks, > > > George
