On Fri, Aug 29, 2014 at 4:52 PM, theresa mic-snare <[email protected]> wrote: > thanks ricardo and dan, > > i was wondering the very same thing. > > @dan: what do you mean by "rids" checks in particular? >
The rids thing is how OSSEC tries to stop replay attacks. There's a number stores on the manager that increments with every message. If the message sent by the agent has a lower value than the one stores on the manager, the message is rejected. There's a way to turn off this check, but I can't remember how off hand. Hopefully it's documented. Maybe it's this: http://ossec-docs.readthedocs.org/en/latest/syntax/head_internal_options.analysisd.html#intopt-remoted.verify_msg_id > Am Freitag, 29. August 2014 20:48:56 UTC+2 schrieb dan (ddpbsd): >> >> On Fri, Aug 29, 2014 at 2:43 AM, <[email protected]> wrote: >> > Dear all, >> > >> > I have a Ossec manager and some agents, and I would like to add a second >> > manager in active-standby or active-active mode. >> > Is possible to configure high availability in Ossec? Is there any >> > documentation about it? I'm not able to find it. >> > >> > Thanks in advance >> > >> >> Setup a second server, add the client.keys files from the first. Turn >> off the rids checks, and add the IP to the agents. >> >> > Ricardo >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
