Hello,

Another starter's question. I am trying to make agent.conf work but with no luck so far. I have created the /var/ossec/etc/shared/agent.conf with the following entries:

    <agent_config name=”windows7">
      <syscheck>
        <frequency>72000</frequency>
        <directories check_all="yes">c:\test\</directories>
      </syscheck>
    </agent_config>

    <agent_config name=”solar1">
      <syscheck>
        <frequency>72000</frequency>
        <directories check_all="yes">/opt/test</directories>
      </syscheck>
    </agent_config>

The agent.conf does get copied on target machines (a Windows system and a Solaris one) successfully with no errors. However, ossec.log in either system is not indicating that it is monitoring the directories specified in agent.conf. And changes are not caught. Am I missing something?

Oh, and a couple of questions/notes:

- agent_control -R does not seem to do anything against Windows platforms. In fact, nothing of agent_control works against Windows? Is there a port that needs to be opened on the target system? (Server side 1514 is open and in general I haven't anything blocking it.) Or it does not work against Windows, period?
- agent.conf and ossec.conf of each system are combined. What happens when values are contradicting? Does agent.conf override local configurations?

Thank you!
