# cd /usr/ports/security/ossec-hids-client # make install clean # rehash
Refer to OSSEC docs and tweak your initial client's /usr/local/ossec-hids/etc/ossec.conf.
Login to server and:
- At the menu press (A)dd an agent.
- Enter name: agent1
- Enter IP address (or subnet): 192.168.10.0/24
- Enter ID for the new agent: just press enter to accept
- At the main menu select (E)xtract key for an agent.
- Enter ID
- Copy the key without adding line breaks to it (important)
Now login to client again:
- Press (I)mport key from the server
- Paste the key
- Press y to confirm
Add to /etc/rc.conf on client:
# Enable OSSEC ossechids_enable="YES"
For the changes to be in effect you have to restart the server and start the agent:
server# service ossec-hids restart client# service ossec-hids start
You will probably need ot modify server's firewall. Connection uses random high port on client and port 1514 on the server, UDP.
Check server's web interface to make sure the server receives notification from the client you've just added.
If client could not connect
Stop both server and client. Then do on both the client and server:
# rm -rf queue/rids/*
Not start the server and client.
If this did not help try the FAQ: