Communication between agents and the OSSEC serverΒΆ

Communication between agents and the OSSEC server generally occurs on port 1514/udp in secure mode. If using the syslog mode for ossec-remoted, then port 514 is the default (both UDP and TCP are supported). These ports are configurable in the remote section of the ossec.conf

The secure connection method is generally preferred over syslog. Also, an outside syslog daemon (like rsyslog or syslog-ng) may be used instead of the syslog support in ossec-remoted.

Previous topic

Agents

Next topic

Managing Agents