No, I had active-response problems. I've fixed them using ssh + key authorization. UDP is not reliable for active-response.
On Friday, 29 June 2012, 21:40:10 UTC+4, Michael Starks wrote:
>
> On 29.06.2012 01:16, kay kay wrote:
> > Is it possible to use only TCP protocol? UDP packets are not reliable
> > and frequently are being lost and some active-response not executed.
> > I've tried to find an option for ossec server to listen TCP port, but
> > found only TCP option for clients (syslog protocol).
>
> You could use a syslog client which can do TCP and analyze the logs on
> the server side.
