UDP only.
On Wed, Jul 13, 2011 at 1:04 AM, GeorgeY <[email protected]> wrote: > Sorry, this seems to be working. > Is UDP the only option for ports or can we specify TCP? > > On Jul 12, 3:58 pm, GeorgeY <[email protected]> wrote: >> Thanks Daniel. >> >> We changed it as below on the OSSEC server: /ossec/etc/ossec.conf but >> it looks as if the clients are not able to "reach" the server. >> >> <ossec_config> >> <remote> >> <port>1234</port> >> </remote> >> </ossec_config> >> >> anything i'm missing? >> >> On Jul 12, 1:31 am, Daniel Cid <[email protected]> wrote: >> >> > Hi George, >> >> > Only UDP port 1514 (making sure to keep state). So when an agent >> > connects to the UDP port 1514 on the >> > manager, it should be able to receive the response back on the same >> > socket (similar to what you would >> > have for a DNS client). >> >> > Thanks, >> >> > On Mon, Jul 11, 2011 at 7:09 AM, GeorgeY <[email protected]> wrote: >> > > Hi all, >> >> > > We have multiple sites which have a small number of hosts and we >> > > wanted to monitor them from our HQ via a central OSSEC server. >> > > Question: what ports do we need to have accessible from HQ and from >> > > each individual remote site? >> > > The documentation states port 1514 but is this catered specifically to >> > > syslog? >> >> > > Any advice is much appreciated. >> >> > > Thanks, >> > > George
