Hi woodspeed, thanks to your links - but these articles I've allready read ... maybe I should sharpen my question: * Is there an deeper description, how connections between agend and ossec server is secured? Something like used Algo (RSA, AES, ...) and used libraries? I think this connection is a very fundamental part of the my security chain. * I found the chance to contact agents behind nat also (I just use this feature allready and am quite happy about :). But in my scenario the alienvault-server (where ossec server is part of) lies behind a nating firewall. So I'm searching for a way to connect an fixed ip agent to an natted ossec-server - that's the missing part. And to add some complexity, the whole stuff lies behind an DSL with dynamic changing IP.
Kind regards, Michael -- > Hi! > > Some helping rtfm. :) > Open port 1514 (UDP): > http://www.ossec.net/doc/manual/installation/index.html > Nat: http://www.ossec.net/doc/manual/agent/agent-dhcp-nat.html > Server-Agent secured communication: > http://www.ossec.net/doc/programs/manage_agents.html > > Best regards > woodspeed > > 2012. március 7. 17:12 Michael Jerger írta, <[email protected]>: > > Hi all, > > > > whilst being new to ossec, after short time I managed to install some > > ossec agents in my lan. Also conecting them to my alienvault server ... > > all worked > > like a charme :-) > > > > But the real challange is now, to connect two webservers hosted by my > > provider. Let me try an ascii-art-picture: > > > > Server --- Internet --- [DSL] --- Firewall with Nat --- alienvault > > > > The intended config is: > > * Server with ossec agent > > * Alienvault with all SIEM information > > > > > > So I think, there are some important questions: > > * How is the the communication Agent<->Server secured? > > * Is it possible to pull the ossec agent's information from the > > alienvault server? > > * Have I to expose (Port forwarding) alienvaults ossec port to the inet? > > * Or (as worstcase) do I've to establish an VPN? > > > > Oh, bdw ... also rtfm answers are welcome ... if u can point me to the > > appropriate url :-) > > > > > > Kind regards, > > Michael > > -- > > Informatikbüro Jerger http://www.jerger.org > > Zeppelinstr. 13, D-72770 Reutlingen > > > > fon: +49-7121-578913 mob: +49-178-8189878 Hi
signature.asc
Description: This is a digitally signed message part.
