Announcement

Collapse
No announcement yet.

Ossec HID, windows agents and subnets

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Ossec HID, windows agents and subnets

    Hello,

    I've recently installed OSSEC HIDs on my test network, I used ubuntu server 14.04, got the web interface up and running, but I cant seem to get my windows agents (clients run windows OS with ossec agent for windows installed). I don't thinks it is a firewall issue because I've added rules to my firewall policy to allow the relevant ports, gone as far as bringing down the firewall but no luck. The ubuntu server is on a different subnet from my windows clients, could this be the root of my communication problem?

  • #2
    Re: Ossec HID, windows agents and subnets

    Is there a router connecting the two subnets? If so, does other traffic traverse the subnets without issue?

    Comment


    • #3
      Re: Ossec HID, windows agents and subnets

      There is a router between the subnets and either subnet can ping each other. Also the messages from the agents don't seem to be hitting the ossec server at all, the windows agent uses UDP port 1514 to communicate. Any ideas?

      Comment


      • #4
        Re: Ossec HID, windows agents and subnets

        Are these messages Unicast, Broadcast or Multicast?

        Comment

        Working...
        X