Hello all,
I think this approach can be a little dangerous because of the race
conditions. For example, if authd is running on several managers, the
client.keys file will have inconsistent data.
An architecture to synchronize the client.keys and agent-info files would
be enough since it is
Hello ,
May i know the steps to Configure Ossec under cluster ..
Regards
Sandeep CH
On Thursday, November 14, 2013 at 9:25:11 PM UTC+5:30, Juan Berner wrote:
>
> Hi, I have 5 servers sharing the same NFS folder for /var/ossec, and it
> seems to be working. I've inherited this
Old thread. Did it end up working out? We're having trouble with the
sockets being on NFS even just restarting ossec on the same host (let alone
on 5).
On Tuesday, June 24, 2014 at 6:17:52 PM UTC+2, Roy Feintuch wrote:
>
> Just saw this thread and wish to add my 2 cents:
> - Syscheck: there is
Just saw this thread and wish to add my 2 cents:
- Syscheck: there is a state that is in both memory and file system
regarding the agents that finished creating the initial baseline and are
ready. I suspect it might not trigger FIM alerts for new agents.
- Complex events (correlation). I'm not
