Hi, https://groups.google.com/forum/#!topic/ossec-list/iauQG7DrSM8 has some good hints on how to do this.
Main points: * Spin up your other OSSEC server * Add additional server_ip to your agent configuration * In agent & server internal_options.conf files, set remoted.verify_msg_id=0 * Keep client.keys in sync between your two server instances ** A cron job that scp the files over is a quick and dirty way of doing this One thing to keep in mind is it takes the agents 30 minutes currently to fall over to the other server. You shouldn't lose any messages, but you'll have 30 minutes where won't have any events to look at. My plan is to look at potentially using haproxy to help facilitate the fallover with some better mechanism to keep the data in sync. --Josh On Tuesday, February 11, 2014 5:06:55 AM UTC-5, Dolph Rocks wrote: > > Hi , > > Can anyone please tell me the exact steps to set up High Availability > server for already running ossec server? > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
