Hello everyone,
Let's say I have a firewall that I want to configure to send its logs to
my OSSEC server.
I know that I can simply configure my firewall to send logs to my OSSEC
server's IP and configure the OSSEC server like this:
<remote>
<connection>syslog</connection>
<allowed-ips>{FIREWALL_IP}</allowed-ips>
</remote>
The thing is that this is an insecure connection and the logs are being
sent unencrypted.
In OSSEC's documentation it states that there is also the
<connection>secure</connection> option that uses authentication and
encryption for the logs and receives logs at port 1514.
I set my firewall to send remote logs to OSSEC server's IP:1514 but I am
not seeing the logs at archives.logs (I check the traffic on 1514 port and
I indeed receive traffic from the firewall, although it's not logged).
So I guess that for the whole "secure" thing to work, it needs some kind of
authentication, as I stated before.
My question is how do I actually configure that? On the firewall, and on
the OSSEC server?
Any answers or suggestions are appreciated!