Hi all,

whilst being new to ossec, after a short time I managed to install some ossec agents in my LAN. Also connecting them to my alienvault server ... all worked like a charm :-)

But the real challenge now is to connect two webservers hosted by my provider. Let me try an ascii-art picture:

Server --- Internet --- [DSL] --- Firewall with NAT --- alienvault

The intended config is:
* Server with ossec agent
* Alienvault with all SIEM information

So I think there are some important questions:
* How is the communication Agent<->Server secured?
* Is it possible to pull the ossec agent's information from the alienvault server?
* Do I have to expose (port forwarding) alienvault's ossec port to the internet?
* Or (as worst case) do I have to establish a VPN?

Oh, btw ... also rtfm answers are welcome ... if you can point me to the appropriate URL :-)

Kind regards,
Michael

--
Informatikbüro Jerger
http://www.jerger.org
Zeppelinstr. 13, D-72770 Reutlingen
fon: +49-7121-578913
mob: +49-178-8189878
