Thanks Dan. Much appreciated
On Jul 13, 8:03 pm, "dan (ddp)" <[email protected]> wrote: > UDP only. > > On Wed, Jul 13, 2011 at 1:04 AM, GeorgeY <[email protected]> wrote: > > Sorry, this seems to be working. > > Is UDP the only option for ports or can we specify TCP? > > > On Jul 12, 3:58 pm, GeorgeY <[email protected]> wrote: > >> Thanks Daniel. > > >> We changed it as below on the OSSEC server: /ossec/etc/ossec.conf but > >> it looks as if the clients are not able to "reach" the server. > > >> <ossec_config> > >> <remote> > >> <port>1234</port> > >> </remote> > >> </ossec_config> > > >> anything i'm missing? > > >> On Jul 12, 1:31 am, Daniel Cid <[email protected]> wrote: > > >> > Hi George, > > >> > Only UDP port 1514 (making sure to keep state). So when an agent > >> > connects to the UDP port 1514 on the > >> > manager, it should be able to receive the response back on the same > >> > socket (similar to what you would > >> > have for a DNS client). > > >> > Thanks, > > >> > On Mon, Jul 11, 2011 at 7:09 AM, GeorgeY <[email protected]> wrote: > >> > > Hi all, > > >> > > We have multiple sites which have a small number of hosts and we > >> > > wanted to monitor them from our HQ via a central OSSEC server. > >> > > Question: what ports do we need to have accessible from HQ and from > >> > > each individual remote site? > >> > > The documentation states port 1514 but is this catered specifically to > >> > > syslog? > > >> > > Any advice is much appreciated. > > >> > > Thanks, > >> > > George
