Thanks for the reply Just a point of clarification
The fail-over server is the same server, it is virtual so it is actually the same server with a different IP address the client.keys file is the same. I configured the client to use name not IP so I don't know why it didn't work, if what your saying is that it should work. So there is nothing in the key itself that ties it to the server? As long as the agent and the server have the same client.keys file it should work? ____________________________________________ Michael Barrett | Information Security Analyst - Lead | Mortgage Guaranty Insurance Corporation 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6271 | 7 1.888.601.4440 | * [email protected] This message is intended for use only by the person(s) addressed above and may contain privileged and confidential information. Disclosure or use of this message by any other person is strictly prohibited. If this message is received in error, please notify the sender immediately and delete this message. From: "dan (ddp)" <[email protected]> To: "[email protected]" <[email protected]>, Date: 06/19/2013 08:48 AM Subject: Re: [ossec-list] failover server Sent by: [email protected] Welcome back. On Mon, Jun 17, 2013 at 3:33 PM, Michael Barrett <[email protected]> wrote: > Is there a way to setup ossec agents to failover to another server? > > We have a single management server (RH OSSEC 2.7) > > The server is virtual, in the event of a disaster we would like to migrate > the server over to our co-location facility. > > In my test I found that the agent could not talk to the server once it's IP > address had changed (we used the name in the config and changed DNS to point > to new location) > > I was able to get the agent to talk to the server once I generated a new key > and pushed it out to the agent. > > > Is there a way to set this up without having to re-issue keys to all my > agents? > I believe the way to set it up is to add another server-ip entry to the agent, and copy the client.keys from the first server to the second. (restart agent processes and second server processes) > > > Thanks! > ____________________________________________ > Michael Barrett | Information Security Analyst - Lead | Mortgage Guaranty > Insurance Corporation > 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6271 | 7 > 1.888.601.4440 | * [email protected] > > This message is intended for use only by the person(s) addressed above and > may contain privileged and confidential information. Disclosure or use of > this message by any other person is strictly prohibited. If this message is > received in error, please notify the sender immediately and delete this > message. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://urldefense.proofpoint.com/v1/url?u=https://groups.google.com/groups/opt_out&k=jBZCcUEtecsEqEpqTUdgJg%3D%3D%0A&r=kQFULLplNJvezX1OsQ4ZMnCtACpvbx%2B78GdKWTp7g4U%3D%0A&m=zZ6ZhGBwOrgqTFLV5YJ%2B3u3l6%2FUKOtcO3tY%2BAbbq3f8%3D%0A&s=241a2e83bf76bfdda763fd35bb433bf3217859df1d869259c4b50905bf4d4dda . > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://urldefense.proofpoint.com/v1/url?u=https://groups.google.com/groups/opt_out&k=jBZCcUEtecsEqEpqTUdgJg%3D%3D%0A&r=kQFULLplNJvezX1OsQ4ZMnCtACpvbx%2B78GdKWTp7g4U%3D%0A&m=zZ6ZhGBwOrgqTFLV5YJ%2B3u3l6%2FUKOtcO3tY%2BAbbq3f8%3D%0A&s=241a2e83bf76bfdda763fd35bb433bf3217859df1d869259c4b50905bf4d4dda . -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
