Re: [ossec-list] Ossec agent logs to two ossec server's / sensors

2018-11-28 Thread 700grm
Hi Dan, 

I am trying to look for configuration file where I can increase 30 minutes 
interval, but cannot find it - "but an agent will failover to 
a second server after a while (30 minutes?). "


On Friday, July 6, 2018 at 1:11:43 PM UTC+1, dan (ddpbsd) wrote:
>
> On Fri, Jul 6, 2018 at 3:43 AM, Shaikh S.  > wrote: 
> > Hello Folks, 
> > 
> > Hope you're doing well. 
> > 
> > Is it possible to configure ossec agent to send the logs to two 
> different 
> > server's. for example if the DC ossec server get's down, is it possible 
> to 
> > forward the same agent logs to other DR ossec server. 
> > (Active / Passive monitoring ) 
> > 
>
> You can't send to both at the same time, but an agent will failover to 
> a second server after a while (30 minutes?). 
> I'm hoping the virgil security noisesocket work helps with this. 
>
> > Any help will be greatful. 
> > 
> > Thanks in advance !!! 
> > 
> > 
> > Regards, 
> > Shaikh S. 
> > 
> > -- 
> > 
> > --- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "ossec-list" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an 
> > email to ossec-list+...@googlegroups.com . 
> > For more options, visit https://groups.google.com/d/optout. 
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [ossec-list] Ossec agent logs to two ossec server's / sensors

2018-07-12 Thread Shaikh S.
Hello, 

Thank you so much Dan, I'll try this. 

Best Regards, 
Shaikh S. 

>
> I've never done it, so this is mostly a guess: 
>
> Create a second OSSEC manager. 
> Copy the client.keys file from the original manager to the new one. 
> Turn off the rids functionality on the servers and agents. 
> Add another  entry to the agents' ossec.conf files. 
>
> > Thanks !!! 
> > 
> > On Friday, July 6, 2018 at 5:41:43 PM UTC+5:30, dan (ddpbsd) wrote: 
> >> 
> >> On Fri, Jul 6, 2018 at 3:43 AM, Shaikh S.  wrote: 
> >> > Hello Folks, 
> >> > 
> >> > Hope you're doing well. 
> >> > 
> >> > Is it possible to configure ossec agent to send the logs to two 
> >> > different 
> >> > server's. for example if the DC ossec server get's down, is it 
> possible 
> >> > to 
> >> > forward the same agent logs to other DR ossec server. 
> >> > (Active / Passive monitoring ) 
> >> > 
> >> 
> >> You can't send to both at the same time, but an agent will failover to 
> >> a second server after a while (30 minutes?). 
> >> I'm hoping the virgil security noisesocket work helps with this. 
> >> 
> >> > Any help will be greatful. 
> >> > 
> >> > Thanks in advance !!! 
> >> > 
> >> > 
> >> > Regards, 
> >> > Shaikh S. 
> >> > 
> >> > -- 
> >> > 
> >> > --- 
> >> > You received this message because you are subscribed to the Google 
> >> > Groups 
> >> > "ossec-list" group. 
> >> > To unsubscribe from this group and stop receiving emails from it, 
> send 
> >> > an 
> >> > email to ossec-list+...@googlegroups.com. 
> >> > For more options, visit https://groups.google.com/d/optout. 
> > 
> > -- 
> > 
> > --- 
> > You received this message because you are subscribed to the Google 
> Groups 
> > "ossec-list" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> an 
> > email to ossec-list+...@googlegroups.com . 
> > For more options, visit https://groups.google.com/d/optout. 
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [ossec-list] Ossec agent logs to two ossec server's / sensors

2018-07-11 Thread dan (ddp)
On Tue, Jul 10, 2018 at 12:24 AM, Shaikh S.  wrote:
> Hello Dan,
>
> Thanks for your reply!!!
>
> Can you please tell me how I can configure it for failover.
>

I've never done it, so this is mostly a guess:

Create a second OSSEC manager.
Copy the client.keys file from the original manager to the new one.
Turn off the rids functionality on the servers and agents.
Add another  entry to the agents' ossec.conf files.

> Thanks !!!
>
> On Friday, July 6, 2018 at 5:41:43 PM UTC+5:30, dan (ddpbsd) wrote:
>>
>> On Fri, Jul 6, 2018 at 3:43 AM, Shaikh S.  wrote:
>> > Hello Folks,
>> >
>> > Hope you're doing well.
>> >
>> > Is it possible to configure ossec agent to send the logs to two
>> > different
>> > server's. for example if the DC ossec server get's down, is it possible
>> > to
>> > forward the same agent logs to other DR ossec server.
>> > (Active / Passive monitoring )
>> >
>>
>> You can't send to both at the same time, but an agent will failover to
>> a second server after a while (30 minutes?).
>> I'm hoping the virgil security noisesocket work helps with this.
>>
>> > Any help will be greatful.
>> >
>> > Thanks in advance !!!
>> >
>> >
>> > Regards,
>> > Shaikh S.
>> >
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google
>> > Groups
>> > "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> > an
>> > email to ossec-list+...@googlegroups.com.
>> > For more options, visit https://groups.google.com/d/optout.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [ossec-list] Ossec agent logs to two ossec server's / sensors

2018-07-06 Thread dan (ddp)
On Fri, Jul 6, 2018 at 3:43 AM, Shaikh S.  wrote:
> Hello Folks,
>
> Hope you're doing well.
>
> Is it possible to configure ossec agent to send the logs to two different
> server's. for example if the DC ossec server get's down, is it possible to
> forward the same agent logs to other DR ossec server.
> (Active / Passive monitoring )
>

You can't send to both at the same time, but an agent will failover to
a second server after a while (30 minutes?).
I'm hoping the virgil security noisesocket work helps with this.

> Any help will be greatful.
>
> Thanks in advance !!!
>
>
> Regards,
> Shaikh S.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.