On Mon, Feb 18, 2013 at 6:23 AM, Андрей Шевченко <dioeracl...@gmail.com> wrote: > osssec.conf(agent test_PC): > >> <ossec_config> >> >> >> <client> >> >> <config-profile>test1</config-profile> >> >> <server-ip>1.1.1.1</server-ip> >> >> </client> >> >> >> <active-response> >> >> <disabled>no</disabled> >> >> </active-response> >> >> >> </ossec_config> > > > > agent.conf(server): > >> <agent_config name="test_PC"> >> >> <syscheck> >> >> <directories check_all="yes">D:/</directories> >> >> </syscheck> >> >> </agent_config> >> >> >> <agent_config profile="test1"> >> >> <syscheck> >> >> <directories check_all="yes">F:/</directories> >> >> </syscheck> >> >> </agent_config> >> >> >> <agent_config os="Windows"> >> >> <syscheck> >> >> <directories check_all="yes">C:/</directories> >> >> </syscheck> >> >> </agent_config> > > > ossec.log(agent): > >> 2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'D:/'. >> >> 2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'C:/'. > > > Disk F is not monitored. > > Equal configuration for agent under FreeBSD works fine. > > -- >
You could add a bad option under that profile to see if it's being picked up, like monitoring a syslog file that doesn't actually exist. Other than that, I'd try something like: <agent_config profile="test1"> <syscheck> <directories check_all="yes">F:\.</directories> <!-- Notice the "." --> </syscheck> </agent_config> I can't test this at the moment, so I don't know for sure that it will work. > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
