Hi,
Can you please give me more details about the stunnel way? I have stunnel
working for syslog but I want to link it to ossec.
What should be the config on the agent so it sends logs using stunnel?
On the manager this is what I've put:
<remote>
<connection>syslog</connection>
<allowed-ips>127.0.0.1</allowed-ips>
<protocol>tcp</protocol>
<port>10514</port>
</remote>
10514 is the port where stunnel is sending traffic locally.
Best Regards
Iqbal Aroussi
514-627-0438
On Mon, Mar 18, 2013 at 1:07 PM, Iqbal Aroussi <[email protected]> wrote:
> Thanks Dan for all the useful information.
>
> Sincerely yours
>
> Best Regards
>
> Iqbal Aroussi
> 514-627-0438
>
>
> On Mon, Mar 18, 2013 at 1:04 PM, dan (ddp) <[email protected]> wrote:
>
>> On Mon, Mar 18, 2013 at 12:27 PM, Iqbal Aroussi <[email protected]> wrote:
>> > Hi Eero, Dan,
>> >
>> > Thanks a lot for your quick response.
>> > So if I got the "secure" way, I should put this in my ossec.conf on the
>> > manager, or is there something else to do? I want to use TCP for
>> > reliability.
>>
>> tcp is not an option for the secure method.
>>
>> > What about the port, is it the correct one or should I use 1514?
>>
>> 514 is usually syslog, but if you aren't using syslog it doesn't
>> matter what you do with that port.
>>
>> >
>> > <remote>
>> > <connection>syslog</connection>
>> > <allowed-ips>192.168.152.138/27</allowed-ips>
>> > <protocol>tcp</protocol>
>> > <port>514</port>
>> > </remote>
>> >
>> > Thanks for all of you.
>> >
>> >
>> > Best Regards
>> >
>> > Iqbal Aroussi
>> > 514-627-0438
>> >
>> >
>> > On Mon, Mar 18, 2013 at 12:17 PM, dan (ddp) <[email protected]> wrote:
>> >>
>> >> On Mon, Mar 18, 2013 at 11:38 AM, Iqbal Aroussi <[email protected]> wrote:
>> >> > Hi everyone,
>> >> >
>> >> > I want to inform you that I'm really new to OSSEC and I have two
>> >> > questions actually.
>> >> >
>> >> > First:
>> >> > I configured the manager as a central syslog, I wanted to know if there
>> >> > is a way to encrypt traffic between agents and manager using TLS or SSL.
>> >> >
>> >>
>> >> You could probably use stunnel, but that seems like a hack. If you
>> >> want the traffic encrypted (although not with ssl/tls) use the secure
>> >> method instead of syslog.
>> >>
>> >> > Second:
>> >> > By default OSSEC archives the logs and compresses them using gzip, is it
>> >> > possible to use bzip2?
>> >> >
>> >>
>> >> Only if you modify the source.
>> >>
>> >> > Thanks a lot in advance for your help
>> >> >
>> >> > Best Regards
>> >> >
>> >> > Iqbal Aroussi
>> >> > 514-627-0438
>> >> >
>> >> > --
>> >> >
>> >> > ---
>> >> > You received this message because you are subscribed to the Google
>> >> > Groups "ossec-list" group.
>> >> > To unsubscribe from this group and stop receiving emails from it, send
>> >> > an email to [email protected].
>> >> > For more options, visit https://groups.google.com/groups/opt_out.
>> >> >
>> >> >
>> >>
>> >
>>
>
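
An added example, not part of the thread: a pair of stunnel configurations that would feed the manager <remote> block above (syslog over tcp on 127.0.0.1:10514). The host name manager.example.com, the TLS port 6514, the sender-side local port and all file paths are assumptions, and the sending side is assumed to be a syslog daemon forwarding over TCP to its local stunnel listener.

```ini
; ---- manager: stunnel.conf (file paths below are placeholders) ----
; Terminates TLS from the senders and passes cleartext syslog to OSSEC on
; loopback, which is why <allowed-ips> on the manager is 127.0.0.1.
[ossec-syslog]
client = no
; assumed TLS listen port, reachable from the sending hosts
accept = 6514
; the port from the <remote> block in the message above
connect = 127.0.0.1:10514
; manager certificate and private key in one PEM file (placeholder path)
cert = /etc/stunnel/manager.pem
; CA that issued the senders' certificates (placeholder path)
CAfile = /etc/stunnel/ca.pem
; require a client certificate that chains to CAfile, so that only
; known senders can inject events into the manager
verify = 2

; ---- sending host: stunnel.conf ----
; The local syslog daemon forwards over TCP to 127.0.0.1:10514; stunnel
; wraps that stream in TLS and connects to the manager.
[ossec-syslog]
client = yes
; loopback only, so other hosts cannot relay through this tunnel
accept = 127.0.0.1:10514
; assumed manager host name and TLS port
connect = manager.example.com:6514
; this sender's certificate and key (placeholder path)
cert = /etc/stunnel/sender.pem
CAfile = /etc/stunnel/ca.pem
; verify the manager's certificate against CAfile before sending logs
verify = 2
```

With this layout the manager only ever sees connections from 127.0.0.1, so per-sender access control moves from <allowed-ips> to the certificates stunnel accepts.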