Have a mixed environment with 2000 nodes - HP, AIX, Linux, Windows, Solaris. The only common denominator (not for Windows) was using puppet. It also makes managing groups of servers and configs so much easier. I have specific recipes for different types of servers, regardless of the OS. For example a web server could be Linux or Solaris,v but I keep one agent.cong file. It is on the puppet master server, when I change it gets pulled by all the puppet clients and they have rules saying "restart" when the file changes. I stick with the default 30 minute cycle, so the bottom line is that a worse case scenario is I change the config, and within about 30 minutes, all the associated servers are updated and running the new agent config.
www.puppetlabs.com cheers Kat On Jul 14, 2:06 pm, jplee3 <jpl...@gmail.com> wrote: > Hi all, > > Does anyone have suggestions on pushing agent.conf after making > changes and having this go into effect immediately? I'm specifically > looking at when additions are made to monitor logfiles. > > The agent.conf normally gets pushed after some time. However, it > doesn't seem like OSSEC will actually read the file until the next > restart. > > Is there a way to force the OSSEC agent to *always* restart after the > agent.conf is loaded? > > Am I missing something here? > > Thanks, > Jeremy