Thanks for the reply

Just a point of clarification

The fail-over server is the same server, it is virtual so it is actually 
the same server with a different IP address the client.keys file is the 
same.

I configured the client to use name not IP so I don't know why it didn't 
work, if what your saying is that it should work.

So there is nothing in the key itself that ties it to the server?  As long 
as the agent and the server have the same client.keys file it should work?


____________________________________________ 
Michael Barrett | Information Security Analyst - Lead | Mortgage Guaranty 
Insurance Corporation 
270 E. Kilbourn Ave. | Milwaukee, WI  53202 USA | ( 1.414.347.6271 | 7 
1.888.601.4440 | * [email protected]

This message is intended for use only by the person(s) addressed above and 
may contain privileged and confidential information. Disclosure or use of 
this message by any other person is strictly prohibited. If this message 
is received in error, please notify the sender immediately and delete this 
message.




From:   "dan (ddp)" <[email protected]>
To:     "[email protected]" <[email protected]>, 
Date:   06/19/2013 08:48 AM
Subject:        Re: [ossec-list] failover server
Sent by:        [email protected]



Welcome back.

On Mon, Jun 17, 2013 at 3:33 PM, Michael Barrett
<[email protected]> wrote:
> Is there a way to setup ossec agents to failover to another server?
>
> We have a single management server (RH OSSEC 2.7)
>
> The server is virtual, in the event of a disaster we would like to 
migrate
> the server over to our co-location facility.
>
> In my test I found that the agent could not talk to the server once it's 
IP
> address had changed (we used the name in the config and changed DNS to 
point
> to new location)
>
> I was able to get the agent to talk to the server once I generated a new 
key
> and pushed it out to the agent.
>
>
> Is there a way to set this up without having to re-issue keys to all my
> agents?
>

I believe the way to set it up is to add another server-ip entry to
the agent, and copy the client.keys from the first server to the
second. (restart agent processes and second server processes)

>
>
> Thanks!
> ____________________________________________
> Michael Barrett | Information Security Analyst - Lead | Mortgage 
Guaranty
> Insurance Corporation
> 270 E. Kilbourn Ave. | Milwaukee, WI  53202 USA | ( 1.414.347.6271 | 7
> 1.888.601.4440 | * [email protected]
>
> This message is intended for use only by the person(s) addressed above 
and
> may contain privileged and confidential information. Disclosure or use 
of
> this message by any other person is strictly prohibited. If this message 
is
> received in error, please notify the sender immediately and delete this
> message.
>
> --
>
> ---
> You received this message because you are subscribed to the Google 
Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send 
an
> email to [email protected].
> For more options, visit 
https://urldefense.proofpoint.com/v1/url?u=https://groups.google.com/groups/opt_out&k=jBZCcUEtecsEqEpqTUdgJg%3D%3D%0A&r=kQFULLplNJvezX1OsQ4ZMnCtACpvbx%2B78GdKWTp7g4U%3D%0A&m=zZ6ZhGBwOrgqTFLV5YJ%2B3u3l6%2FUKOtcO3tY%2BAbbq3f8%3D%0A&s=241a2e83bf76bfdda763fd35bb433bf3217859df1d869259c4b50905bf4d4dda
.
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to [email protected].
For more options, visit 
https://urldefense.proofpoint.com/v1/url?u=https://groups.google.com/groups/opt_out&k=jBZCcUEtecsEqEpqTUdgJg%3D%3D%0A&r=kQFULLplNJvezX1OsQ4ZMnCtACpvbx%2B78GdKWTp7g4U%3D%0A&m=zZ6ZhGBwOrgqTFLV5YJ%2B3u3l6%2FUKOtcO3tY%2BAbbq3f8%3D%0A&s=241a2e83bf76bfdda763fd35bb433bf3217859df1d869259c4b50905bf4d4dda
.



-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to