decoder.xml and the rules live on the server, not the agents.
On Wed, Jul 14, 2010 at 4:50 PM, Jason 'XenoPhage' Frisvold <xenoph...@godshell.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi there, > > I have all of my agents online now. The process is less optimal than I > would like, but I suppose it will work for now.. > > I have a few questions about how this all works now.. I know the > information in the agent.conf file is sent to the remote systems and > used after a restart of the remote. In fact, I have set up the remote > systems with a very sparse ossec.conf containing only the IP of the > management system, which seems to be working. > > What about other data? Is the decoder.xml or rootkit files sent to the > remotes? Or must I keep those in sync manually? Does it hurt to > aggregate every version of decoder I need into a single file and > distribute it to all hosts? (What I mean is, a single file instead of > unique ones for each host, depending on what the host is/does) > > Thanks, > > - -- > - --------------------------- > Jason 'XenoPhage' Frisvold > xenoph...@godshell.com > - --------------------------- > "Any sufficiently advanced magic is indistinguishable from technology." > - - Niven's Inverse of Clarke's Third Law > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.14 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkw+IvwACgkQ8CjzPZyTUTQCbACeOCvqO0DFLCoedXuL3/lXhu6O > jeIAoIXj2hnYvminJblKir99CzeTenHK > =UVl9 > -----END PGP SIGNATURE----- >