Hi All, I am working on a new deployment of OSSEC which has both Windows Server 2003 and RedHat Linux clients. We are setting up the centralized agent configuration and have a need to disable most of the localfile checks (on both Windows and Linux). We already have another solution deployed which monitors event logs on Windows and Linux so we do not require this functionality in most cases.
Is there a way to override the default Windows and Linux localfile checks which are present in the client ossec.conf (disable or remove them)? I could not determine a way to accomplish this with the centralized agent.conf since these values only complement what is already present in the agent's ossec.conf. I'd prefer not to have to modify every client's ossec.conf to remove the localfile entries, if that can be avoided. Thanks, Tom Alessi
