Re: [ossec-list] OSSEC agent on windows laptops that will be out of the network

2017-01-26 Thread Dave Stoddard
One solution to the connectivity issue is to install a VPN on all of the external devices and communicate with the OSSEC server using the VPN. This is what we do for our clients and it works without any issues. With regard to storing events, there is an older Windows event collector called

Re: [ossec-list] OSSEC agent on windows laptops that will be out of the network

2017-01-25 Thread Kirk
Has there been any further thought on this issue? I am in the same boat.
On Wednesday, September 14, 2016 at 12:43:56 AM UTC-5, Vilius wrote:
> Jesus,
>
> when question is should I send alert into the void or into archive, there
> are cases when archiving is a better option.
>
> Vilius
>
> On

Re: [ossec-list] OSSEC agent on windows laptops that will be out of the network

2016-09-13 Thread Vilius Benetis
Jesus, when question is should I send alert into the void or into archive, there are cases when archiving is a better option.
Vilius
On Tue, Sep 13, 2016 at 8:54 PM, Jesus Linares wrote:
> Vilius, OSSEC is designed to receive alerts from the present and not old
> logs. If you

Re: [ossec-list] OSSEC agent on windows laptops that will be out of the network

2016-09-13 Thread Jesus Linares
Vilius, OSSEC is designed to receive alerts from the present and not old logs. If you send to OSSEC old logs, the alert timestamp will be the timestamp when the alert was triggered (and not the timestamp when the log was generated). I was talking about a related issue here

Re: [ossec-list] OSSEC agent on windows laptops that will be out of the network

2016-09-13 Thread Nick Giannoulis
Didn't know you can use "ANY", that's great, thanks a lot. If my OSSEC server is accessible externally, any alerts from the agents should still reach my server, right? (if the agents are connected to the net and nothing blocking)
On Tuesday, 13 September 2016 10:51:37 UTC+1, Jesus Linares

Re: [ossec-list] OSSEC agent on windows laptops that will be out of the network

2016-09-13 Thread Vilius Benetis
Hey, anyone hacked/tested a workaround for this issue - caching/releasing? For example by logging into native MS event log in order to process it later via MS event subscription or caching syslog agent?
V
> anyway, remember that the agents send the alerts in real time. *Alerts are
> not stored

Re: [ossec-list] OSSEC agent on windows laptops that will be out of the network

2016-09-13 Thread Jesus Linares
Hi, as Eero said, you can register your agents with ANY instead of the IP. Anyway, remember that the agents send the alerts in real time. *Alerts are not stored to be sent later*. So, you are not going to receive the alerts generated in your agents when they were not connected to the Manager

Re: [ossec-list] OSSEC agent on windows laptops that will be out of the network

2016-09-13 Thread Eero Volotinen
You can use IP address any while creating agent keys for roaming devices.
Eero
2016-09-13 10:58 GMT+03:00 Nick Giannoulis:
> Hi all
> I have an OSSEC server running perfectly monitoring all my servers. I
> want to expand it to start monitoring my 'normal' clients ( win7-10

[ossec-list] OSSEC agent on windows laptops that will be out of the network

2016-09-13 Thread Nick Giannoulis
Hi all, I have an OSSEC server running perfectly, monitoring all my servers. I want to expand it to start monitoring my 'normal' clients (win7-10 laptops and workstations). Some of these laptops will be outside of the network most of the time. Considering that OSSEC agents shouldn't have the