(Assuming you’re on Linux) Are you familiar with the following sysctl settings?
net.ipv4.ip_local_port_range net.ipv4.ip_local_reserved_ports Wouter On 15 Jan 2015, at 06:25, Yaniv Ron <[email protected]> wrote: > see when you are running OSSEC on a SIP server for example that has lots of > calls - obviously lots of these sockets will be used ( every call uses local > ports). > Since we have lots of servers already up and running I do not want to change > the settings of the SIP on them. > > but I would like however to install the agents, only with the ability to > define the scope of source ports so they wont interfere.... > > > On Thu, Jan 15, 2015 at 7:18 AM, Yaniv Ron <[email protected]> wrote: > I have my application that listens on these ports on some of my servers...:/ > its causing our application lots of problems... > > On Wed, Jan 14, 2015 at 9:51 PM, David Lang <[email protected]> wrote: > On Wed, 14 Jan 2015, Yaniv Ron wrote: > > I am using 30000-60000 (source ports) on my servers, how can I change the > source port that the agent is using ? > > Why are you wanting to change the source port? > > "well known ports" are destination ports, not source ports. Your browser > talks to a website on port 80, but it talks _from_ a random high port. > > This is the normal way that all software works. > > David Lang > > On Wed, Jan 14, 2015 at 4:53 PM, dan (ddp) <[email protected]> wrote: > > On Wed, Jan 14, 2015 at 3:32 AM, Yaniv Ron <[email protected]> wrote: > Hi, > I found that one of the agents was using a very strange UDP port : > > ossec-age 7055 ossec 7u IPv4 437537314 0t0 > UDP 10.10.10.10:56594->ossec1 > > > 10.10.10.10 is the agent and ossec1 is the manager? If so, then 56594 > is the source port chosen at random. > > This server (as well as the rest of my agents) is behind a NAT. > I tried to find information about ALL the ports that OSSEC agents use > and I > didn't found any reasonable information for that. > > I would like to disable my ossec-agents to use these unkown ports - can > you > please advise about the following : > > 1) why was this port was in use ? what is it ? > 2) how can I disable it > > Thanks, -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
