On 2014-05-12 8:39, Joshua Garnett wrote:
I'm pretty sure OSSEC agent/servers send ACK messages when they
receive a message and also have a counter associated with what
messages they've sent/received. I've had network issues between my
agent and servers and once the connection is restored I see a large
spike of messages as the server catches up.
The counters you are probably referring to are RIDS. They help prevent
against replay attacks since the traffic is UDP. But there is no ACK of
every message that I am aware of.
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
