Dear all, I am deploying OSSEC in restricted environment where agent and hosts are segregated by L3 switch.
1- when I open 1514 udp/tcp on server the agent shows "never connected" as the host which is my windows machine is unable to get any response from server because ossec uses random high ports. using tcpdump on server I can see server sending and receiving fix length of 73 size udp packets using port 1514, but no packets approaching the host machine. 2- for testing when I opened IP-IP to access means all ports access to and from server the agent manages to connect to server. The problem is I have to specify specific ports for hosts using ossec using ACL on network level, as the environment is restricted and IP-IP access is not allowed. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/eff833cb-1f3b-4165-a8dd-f3811f5bf775n%40googlegroups.com.