Hi Juan, I am affraid not completely. You can distribute the /var/ossec/etc dir from NFS or such but load balancing UDP with SSL traffic is not working 100% for me right now. It has to do with my load balancer setup (LVS/Pen) but I think the most important things are: - make sure that 1 of the 2 OSSEC managers is the master and the other the slave by setting weights/priorities in your load balancer config - make sure the return traffic works flawless
Hope this helps a bit. Michiel 2013/11/14 Juan Berner <[email protected]> > Hi Michel, > > Were you able to implement ossec as a cluster service? > > Im looking for a similar solution. > > Thanks, > > Juan > > On Friday, November 1, 2013 11:35:45 AM UTC-3, Michiel van Es wrote: >> >> Hi Chris, >> >> I am not worried about the loadbalancer with a virtual ip, we'll use F5's >> for that matter or heartbeat. >> Perhaps I should just test it first with a simple PoC but was hoping I am >> not the only one running the manager in a redundant form ;) >> >> Michiel >> >> >> 2013/11/1 Chris H <[email protected]> >> >>> Hi Michiel. Do you have any current load-balancers that you could set >>> up a Virtual IP on, and point the agents to the VIP? Or use something like >>> heartbeat <http://linux-ha.org/wiki/Heartbeat>? >>> >>> I'm not sure how you'd sync the config, maybe store them on a mount from >>> a SAN or even something like rsync to keep the secondary server up to date? >>> >>> Chris >>> >>> >>> On Thursday, October 31, 2013 2:19:40 PM UTC, Michiel van Es wrote: >>>> >>>> Hello, >>>> >>>> I am planning to setup OSSEC 2.7 for my company for about 500+ servers >>>> and some appliances. >>>> It will be running on Red Hat 5 + 6 agents mainly. >>>> >>>> There is a company policy that one server is the same a no server at >>>> all (redundancy is a must in my company). >>>> >>>> Is it possible to create a redundant setup of 2 OSSEC managers, having >>>> the port 1514 UDP load balanced and both servers store their entries and >>>> databases/keys on a NAS or single (redundant) storage platform? >>>> >>>> Has aynone else created such a setup? >>>> I want to use rsync/bash scripting as less as possible to make the >>>> setup easy to maintain :) >>>> >>>> Michiel >>>> >>> -- >>> >>> --- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "ossec-list" group. >>> To unsubscribe from this topic, visit https://groups.google.com/d/ >>> topic/ossec-list/Te19hMcUCYo/unsubscribe. >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> For more options, visit https://groups.google.com/groups/opt_out. >>> >> >> -- > > --- > You received this message because you are subscribed to a topic in the > Google Groups "ossec-list" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ossec-list/Te19hMcUCYo/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
