I found the following event log from an Ossec Windows agent:
The Windows Firewall has detected an application listening for incoming
traffic.
Name: -
Path: C:\Program Files\ossec-agent\ossec-agent.exe
Process identifier: 2084
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 3911
Allowed: No
User notified: No
Do I have to allow the traffic?
Rgds.
Martin
Hope it helps.
--
Daniel B. Cid
dcid ( at ) ossec.net
see if adding Ossec.exe to the firewall exception. I have a follow up.
Can the Ossec Windows agent start from a static port? Port assignment seems
dynamic.
Thanks
-----Original Message-----
From: ossec...@googlegroups.com [mailto:ossec...@googlegroups.com]
On Behalf Of Daniel Cid
Sent: Thursday, August 10, 2006 12:44 PM
To: ossec...@googlegroups.com
Subject: [ossec-list] Re: Does ossec-agent on Windows require to listen
at udp port 3911
No, you don't need to open it on the agent. It is probably just a random
port chosen as the source port for the connections to the server. Just
make sure to allow port 1514 on the server and outbound 1514 (keeping state)
on the agent side.
Hope it helps.
--
Daniel B. Cid
dcid ( at ) ossec.net
On 8/10/06, Martin Leung <ccma...@ust.hk> wrote: