On 08/26/2012 03:16 AM, carlopmart wrote:
Hi all,
recntlly I have update two OSSEC servers to latest version stored in
bitbucket:
Glad to hear you are testing this. Just for the record, I don't think
this is a problem with just the bitbucket version. I suspect it would be
a problem with all versions.
Could be possible to implement some type of sync for rids in new OSSEC
version?? For example, configuring in ossec serverA:
<ha-server>
<slave_server>B.B.B.B</slave_server>
<sync_rids_allowed>yes</sync_rids_allowed>
<bi-directional_sync_rids>yes</bi-directional_sync_rids>
</ha-server>
and in on serverB:
<ha-server>
<master_server>A.A.A.A</slave_server>
<sync_rids_allowed>yes</sync_rids_allowed>
<bi-directional_sync_rids>yes</bi-directional_sync_rids>
</ha-server>
This approach it could be usefull to sync for example, local_decoder.xml
or rules.
We have discussed this in the past and I think it's a good idea. I'm not
sure how feasible it would be for a high-volume environment. Can you
please put in a feature request
here?:https://bitbucket.org/jbcheng/ossec-hids/issues?status=new&status=open
