Timothy Meader wrote:
Thanks for the reply. I've moved the OSSEC server to now use the same virtual IP as the logging/NFS portion (x.x.x.7), so that hopefully will make things slightly easier. This is doable presnetly because we haven't deployed the OSSEC clients to any nodes outside our local network yet, so it's relatively trivial for us at this stage to change the OSSEC server address locally on each node's conf file. The reason I can't use the IPsrcaddr script though (which I've seemingly verified just now after testing), is that it doesn't seem to work for any machines on the local subnet. We have about 20 nodes reporting in to the OSSEC server currently, all on the same /26 range as the HA server. For these machines, the following setup in the haresources file doesn't seem to work properly (the traffic is still going out to the clients on x.17 or x.18). Any further suggestions?
The server you are running is broken. You need to fix it (or get somebody else to fix it). Anything else you do is just a hack.
Or you could dump the product and get one written by people who understand networking. InfoSec tools with broken network code terrify me, as it's a sign of crappy programming which probably has other bugs. OSSEC added to my "I don't ever want to run it" list...
-- Carson _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
