Having googled, I can see there are other similar queries to mine, but I have one issue that the others haven't addressed.
We run an OSSEC-HIDS server, as part of various SLAs and accreditations. It is basically a 24x7, always-on system etc. I've inherited the admin of it - deep joy. We have to migrate it because it's sitting on a very old CentOS 5 server - all part of security vulnerabilities updates.

All is fine to install on the new server (S2), including copying /var/ossec/etc and rules and queues from the old server (S1). If I run manage_agents -l I can see that S2 knows all about all the clients.

The issue comes in getting the clients to happily and easily use S2. If I update the server IP and restart the client, it won't connect. The solution seems to be to stop server and client, remove queue/rids<agent number> and restart server then client, and away it goes. The problem of course being... now we have potentially lost data from the client during the switch, and any other working clients while the server is down.

I also found a suggestion that several listed servers in a client's config were used in a list-down manner... the topmost working server was the one that was used and the lower ones ignored until the upper servers were not available. But I dunno if that is what actually happens.

Has anyone a simple, minimal-loss-of-data migration guide by any chance? Pretty please?

ta
ian
