On Mon, Mar 18, 2013 at 12:27 PM, Iqbal Aroussi <[email protected]> wrote: > Hi Eero, Dan, > > Thanks a lot for your quick response. > So if I got the "secure" way, I should put this in my ossec.conf on the > manager > or there is something else to do ? I want to user TCP for reliability.
tcp is not an option for the secure method. > what about the port, is it the correct one or I should use 1514 ? 514 is usually syslog, but if you aren't using syslog it doesn't matter what you do with that port. > > <remote> > <connection>syslog</connection> > <allowed-ips>192.168.152.138/27</allowed-ips> > <protocol>tcp</protocol> > <port>514</port> > </remote> > > Thanks for all of you. > > > Best Regards > > Iqbal Aroussi > 514-627-0438 > > > On Mon, Mar 18, 2013 at 12:17 PM, dan (ddp) <[email protected]> wrote: >> >> On Mon, Mar 18, 2013 at 11:38 AM, Iqbal Aroussi <[email protected]> wrote: >> > Hi everyone, >> > >> > I want to inform you that I'm really new to OSSEC and I have two >> > questions >> > actually. >> > >> > First: >> > I configured the manager as a central syslog, I wanted to know if there >> > is a >> > way to encrypt >> > traffic between agents and manager using TLS or SSL. >> > >> >> You could probably use stunnel, but that seems like a hack. If you >> want the traffic encrypted (although not with ssl/tls) use the secure >> method instead of syslog. >> >> > Second: >> > By default OSSEC archives the logs and compresses them using gzip, is it >> > possible to use bzip2 ? >> > >> >> Only if you modify the source. >> >> > Thanks a lot in advance for your help >> > >> > Best Regards >> > >> > Iqbal Aroussi >> > 514-627-0438 >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/groups/opt_out. >> >> > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
