On Tue, Sep 2, 2014 at 7:51 AM, dan (ddp) <[email protected]> wrote:
> On Fri, Aug 29, 2014 at 4:52 PM, theresa mic-snare
> <[email protected]> wrote:
>> thanks ricardo and dan,
>>
>> i was wondering the very same thing.
>>
>> @dan: what do you mean by "rids" checks in particular?
>>
>
> The rids thing is how OSSEC tries to stop replay attacks. There's a
> number stored on the manager that increments with every message. If
> the message sent by the agent has a lower value than the one stored on
> the manager, the message is rejected.
> There's a way to turn off this check, but I can't remember how off
> hand. Hopefully it's documented. Maybe it's this:
> http://ossec-docs.readthedocs.org/en/latest/syntax/head_internal_options.analysisd.html#intopt-remoted.verify_msg_id
>

Oh yeah, if they get out of sync there could be issues. So turning it
off seems like the easiest solution.

>> On Friday, 29 August 2014 20:48:56 UTC+2, dan (ddpbsd) wrote:
>>>
>>> On Fri, Aug 29, 2014 at 2:43 AM, <[email protected]> wrote:
>>> > Dear all,
>>> >
>>> > I have an Ossec manager and some agents, and I would like to add a second
>>> > manager in active-standby or active-active mode.
>>> > Is it possible to configure high availability in Ossec? Is there any
>>> > documentation about it? I'm not able to find it.
>>> >
>>> > Thanks in advance
>>> >
>>>
>>> Set up a second server, add the client.keys files from the first. Turn
>>> off the rids checks, and add the IP to the agents.
>>>
>>> > Ricardo
>>> >
>>> > --
>>> >
>>> > ---
>>> > You received this message because you are subscribed to the Google
>>> > Groups
>>> > "ossec-list" group.
>>> > To unsubscribe from this group and stop receiving emails from it, send
>>> > an
>>> > email to [email protected].
>>> > For more options, visit https://groups.google.com/d/optout.
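
The counter check described in the thread, as an added example that is not part of the original messages and is not OSSEC source code. It is a simplified model: the class and function names are hypothetical, the counter is a single integer, and the standby manager's stored value of 500 is a constructed out-of-sync state; the `verify_msg_id` flag stands in for the option the thread links to.

```python
# Simplified model of the "rids" check as described in the thread.
# Not OSSEC source code: all class and method names are hypothetical.

class Manager:
    def __init__(self, name, verify_msg_id=True):
        self.name = name
        self.verify_msg_id = verify_msg_id  # models remoted.verify_msg_id
        self.rids = {}                      # agent id -> number stored on the manager

    def receive(self, agent_id, counter):
        """Return True if the message is accepted, False if it is rejected."""
        stored = self.rids.get(agent_id, 0)
        if self.verify_msg_id and counter < stored:
            return False                    # lower than the stored value: rejected
        # The stored number moves forward with every accepted message.
        self.rids[agent_id] = max(stored, counter + 1)
        return True


class Agent:
    def __init__(self, agent_id):
        self.agent_id = agent_id
        self.counter = 0                    # agent-side message counter

    def send(self, manager):
        accepted = manager.receive(self.agent_id, self.counter)
        self.counter += 1
        return accepted


def run_scenario(verify):
    """Constructed scenario: one agent, a primary and a standby manager."""
    primary = Manager("primary", verify)
    standby = Manager("standby", verify)
    standby.rids["001"] = 500               # constructed: standby is ahead of the agent
    agent = Agent("001")

    results = {}
    results["normal"] = [agent.send(primary) for _ in range(3)]
    # A message the primary has already seen arrives a second time.
    results["replay"] = primary.receive("001", 1)
    # The agent moves to the standby, whose stored number does not match.
    results["failover"] = [agent.send(standby) for _ in range(3)]
    return results


if __name__ == "__main__":
    for verify in (True, False):
        print("verify_msg_id =", int(verify), run_scenario(verify))
```

With the check on, the out-of-sync standby rejects every legitimate message from the agent; with it off, the standby accepts them, and the primary also accepts the repeated message it would otherwise have rejected.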
