Hi Martin,
I'm glad to know that everything is OK.
Your firewall configuration for the manager is good, filtering by source IP
is fine.
However, the configuration for the agent should filter by source port,
because we do not know which port the agent communicates from.
I mean, the agent does not
Hello,
Thank you for your answers!
This is finally working; what I had to do was to allow the traffic through
1514 with the following:
*On the agent:*
- sudo iptables -D INPUT -j DROP
- iptables -A INPUT -p UDP --dport 1514 -s 10.0.0.1 -j ACCEPT
- iptables -A INPUT -p UDP --dport
Hi Martin,
please give us a clue: do you see any issue in the logs?
For example, when the agent switches to another server you should see logs
such as:
ossec-agentd: INFO: Closing connection to server (10.0.0.1:1514).
ossec-agentd: INFO: Trying to connect to server (10.0.0.2:1514).
If the agent giv
Even after 1 hour my agents won't connect to the second manager.
Here are the steps that I've done so far:
- Having my two managers with the same ossec.conf, local_decoder,
local_rules, client, client.keys
- Opening the port 1514 on all the agents and the manager.
- Specify the manag
On Wed, Apr 5, 2017 at 11:32 AM, Martin wrote:
> Hello Victor,
>
> I tried to run a second manager and I've the same file
> /var/ossec/etc/client.keys on it and on the first manager. I've copied the
> local_rules, ossec.conf, local_decoder as well.
>
> And I've specified on the agents to listen on
Hello Victor,
I tried to run a second manager and I've the same file
/var/ossec/etc/client.keys
on it and on the first manager. I've copied the local_rules, ossec.conf,
local_decoder as well.
And I've specified on the agents to listen on him as you told me:
10.0.0.1 10.0.0.2
My first man
Sorry I forgot to mention Chef, you can definitely use it to deploy your
agents.
If you are interested in it, take a look at:
https://github.com/sous-chefs/ossec.
Best regards.
On Tue, Apr 4, 2017 at 2:55 PM, Martin wrote:
> Is it possible to deploy them (agents) easily via Chef?
>
> Thank yo
Is it possible to deploy them (agents) easily via Chef?
Thank you again for your answers!
Best regards.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to o
Hi Martin,
there are actually some options to deploy agents: you can use Puppet or
Ansible to make a large deployment. A very simple unattended installation
could be installing the agent with preloaded variables. You can find the file
etc/preloaded-vars.conf in the source code, fill it (uncomment and
I know it is possible with "Unattended Source Installation", but I'd still
have to manually add these agents on the manager, or is there another way :)?
Hi Victor,
Now that I know it is possible to have a second manager in case the first
one stops running, I'm wondering: is there a proper way to copy the first
manager to duplicate it? That way I won't have to configure the second
manager as I did with the first one.
And I was looking as well
Hi Martin,
when agents connect to the manager, the latter sends an ACK message to confirm
that the connection is established. From that moment on, agents send data
with no arrival confirmation. This means that, if the server went down,
agents would keep sending data, which will be lost.
There is a mec
Hello everyone,
I was wondering, what happens if the "manager" bugs / shuts down?
It might sound stupid, but what behavior will the agents have? Will they
make my server bug, consume too much CPU/RAM or try to send messages all
the time, etc.?
Is there a way to have a second manager as a backu
14 matches