If you want to install the agent on systems without a static IP address or behind a NAT device, you need to configure the agent using a CIDR address or the ip address of any.
To add an agent that can receive any IP address in the 192.168.2.0/24 network, just provide the IP address of the agent as 192.168.2.0/24. Example (taken from manage_agents):
Please provide the following: * A name for the new agent: test * The IP Address of the new agent: 192.168.2.0/24
The same applies to systems behind a NAT device. The OSSEC server will see all agents behind the NAT as if they have the same IP address.
For example, you have systems 192.168.1.2, 192.168.1.3 and 192.168.1.4 behind a nat server that connects to network 10.1.1.0/24 with the ossec server on it.
In this case, you need to config the agents as if their IP was 10.1.1.0/24, because this is the IP that the server is seeing (not their original IP). Using any instead of an IP address or range is also a valid option, allowing the agent to connect from any IP address.
On the manage_agents tool, add each one of those agents on the server using the following format:
Please provide the following: * A name for the new agent: agent-1 * The IP Address of the new agent: 10.1.1.0/24
Please provide the following: * A name for the new agent: agent-2 * The IP Address of the new agent: any
Make sure to use one separate key for each agent.