OSSEC Deployment in restricted environment

35 views
Skip to first unread message

moosa aslam

unread,
May 27, 2021, 7:02:39 AMMay 27
to ossec-list
Dear all,

I am deploying OSSEC in restricted environment where agent and hosts are segregated by L3 switch. 

1- when I open 1514 udp/tcp on server the agent shows "never connected" as  the host which is my windows machine is unable to get any response from server because ossec uses random high ports. using tcpdump on server I can see server sending and receiving fix length of 73 size udp packets using port 1514, but no packets approaching the host machine.

2- for testing when I opened IP-IP to access means all ports access to and from server the agent manages to connect to server.

The problem is I have to specify specific ports for hosts using ossec using ACL on network level, as the environment is restricted and IP-IP access is not allowed. 
Reply all
Reply to author
Forward
0 new messages