On Tuesday, December 4, 2012 9:48:07 PM UTC+8, dan (ddpbsd) wrote:
>
> On Mon, Dec 3, 2012 at 9:37 PM, peng lin <[email protected]> wrote:
> > How to install with hybrid mode?
> > Is it used like this, as a layered deployment?
> >
> >                 server
> >                   |
> >                   |
> >      --- hybrid ------------- hybrid ---
> >          |    |               |    |
> >        agent agent          agent agent ...
> >
> > If so:
> > 1. How to configure the hybrid's ossec.conf and the agent's?
> > 2. Who collects the agents' alerts, the hybrid or the server?
> > 3. If the hybrid collects the agents' alerts, how to send them to the server? Can the
> > hybrid auto-forward the messages?
> > 4. Are there any docs that introduce it?
> >
> >
>
> You can select hybrid during the installation instead of local, agent,
> or server. The install script takes care of most of the basic
> configuration.
>
> In hybrid mode the agents send their log messages (agents NEVER deal
> with alerts) to the hybrid-server. The hybrid-server analyzes the
> messages, and forwards alerts to another server. The hybrid-server
> does not forward log messages, only alerts.
>
Do you mean that in the hybrid's ossec.conf I should add
<client>
  <server-ip>real serverip</server-ip>
</client>
and in the agent's ossec.conf I add
<client>
  <server-ip>hybrid ip</server-ip>
</client>
in the global area to finish the config?
What else should I pay attention to?