Hi, Scott Klauminzer
Many thanks, about this method described in
automatically-creating-and-setting-up-the-agent-keys<http://dcid.me/2011/01/automatically-creating-and-setting-up-the-agent-keys/>
,I has been tried but I got a trouble that agent unable to connect to ossec
server.
this is my detail of ossec agent:
[root@CentOS jj]# /var/ossec/bin/agent-auth -m 10.0.2.15 -p 6969 -A CentOS
2012/11/27 10:34:20 ossec-authd: INFO: Started (pid: 2742).
2012/11/27 10:34:20 ossec-authd: Unable to connect to 10.0.2.15:6969
[root@CentOS james]# yum list installed | grep ssl
docbook-style-dsssl.noarch
mod_ssl.i686 1:2.2.15-15.el6.centos
nss_compat_ossl.i686 0.9.6-1.el6
@anaconda-CentOS-201112130233.i386/6.2
openssl.i686 1.0.0-20.el6
@anaconda-CentOS-201112130233.i386/6.2
openssl-devel.i686 1.0.0-20.el6
@anaconda-CentOS-201112130233.i386/6.2
qca-ossl.i686 2.0.0-0.8.beta3.1.el6
qpid-cpp-client-ssl.i686 0.12-6.el6
@anaconda-CentOS-201112130233.i386/6.2
qpid-cpp-server-ssl.i686 0.12-6.el6
@anaconda-CentOS-201112130233.i386/6.2
Could you help me? thanks!
Br. JJ
2012/9/27 [email protected] <[email protected]>
> Our current process is to pre-load the manager with client names to
> generate the client.keys file, then distribute that with the client install
> and have the install script search for the client by name in the
> client.keys file and output that line to the local client key.
>
> Using Type piped to Findstr on Windows.
>
> If you happen to be on Linux there is a better way!
>
> http://dcid.me/2011/01/automatically-creating-and-setting-up-the-agent-keys/
>
>
> Scott Klauminzer
> Director of Information Technology & Security
>
> Sent from my iPad
>
> On Sep 26, 2012, at 4:28 PM, Mobile Testing <[email protected]> wrote:
>
> Thank you for feedback,I want to deploy 10000 sets to several ossec
> servers. Not is a single server. I need to
> know specification and sizing.
>
> I am suffering from client's key distribution. Somebody help me,thank you.
>
> 從我的 iPhone 傳送
>
> Kat <[email protected]> 於 2012/9/26 上午4:56 寫道:
>
> with the new "Hybrid" feature, why would you want to deploy 10000 to a
> single manager? As someone who has had 3000-4000 dedicated to single
> managers, I would strongly suggest a tiered approach. It just makes more
> sense. Yes, you would have to wait for 2.7 to finish the beta cycle, but to
> me, I would think this is the way to go.
>
> 10000 on a manager trying to maintain all the connections - just think of
> the load on the NIC(s) and the biggest problem being that the analysisd
> process is single threaded, so you are pumping all that data through one
> engine.
>
> I will say that yes, others are correct - management through a
> configuration system such as puppet or cfengine is the only way to go, and
> not trying to use the agent management directly within OSSEC.
>
> Just my 2 cents
> Kat
>
> On Tuesday, September 25, 2012 11:57:01 AM UTC-7, JB wrote:
>>
>> I know there are deployments of more than 3000 agents on one OSSEC
>> server.
>> You need to keep an eye on the amount of network traffic though.
>> Overloading can result in lost events.
>> Refer to http://www.ossec.net/?p=449 **under the heading OSSEC Symposium
>> Day 2..
>>
>> On Sunday, September 23, 2012 5:24:17 PM UTC-7, JJ Yu wrote:
>>>
>>> Dears,
>>> Is there any one knows large scale development ? I want to
>>> implement over 10000 set. There is an issue on how to deployment client key
>>> and management.
>>> Could you share any experience?
>>> Many thanks.
>>>
>>> Br. JJ
>>>
>>
