On Thu, Feb 21, 2013 at 6:38 AM, Андрей Шевченко <dioeracl...@gmail.com> wrote:
> I tried to add a bad option and I see that it is not being picked up...
> Like in my example, I don't see anything related to options in specific
> agent profile.
>
You could check the code repository to see if the commits enabling this
functionality for unixy systems also enabled it for Windows.

> On Tuesday, February 19, 2013 at 23:15:44 UTC+6, dan (ddpbsd) wrote:
>>
>> On Mon, Feb 18, 2013 at 6:23 AM, Андрей Шевченко <dioer...@gmail.com>
>> wrote:
>> > ossec.conf(agent test_PC):
>> >
>> >> <ossec_config>
>> >>
>> >>   <client>
>> >>     <config-profile>test1</config-profile>
>> >>     <server-ip>1.1.1.1</server-ip>
>> >>   </client>
>> >>
>> >>   <active-response>
>> >>     <disabled>no</disabled>
>> >>   </active-response>
>> >>
>> >> </ossec_config>
>> >
>> > agent.conf(server):
>> >
>> >> <agent_config name="test_PC">
>> >>   <syscheck>
>> >>     <directories check_all="yes">D:/</directories>
>> >>   </syscheck>
>> >> </agent_config>
>> >>
>> >> <agent_config profile="test1">
>> >>   <syscheck>
>> >>     <directories check_all="yes">F:/</directories>
>> >>   </syscheck>
>> >> </agent_config>
>> >>
>> >> <agent_config os="Windows">
>> >>   <syscheck>
>> >>     <directories check_all="yes">C:/</directories>
>> >>   </syscheck>
>> >> </agent_config>
>> >
>> > ossec.log(agent):
>> >
>> >> 2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'D:/'.
>> >> 2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'C:/'.
>> >
>> > Disk F is not monitored.
>> >
>> > Equal configuration for agent under FreeBSD works fine.
>> >
>> > --
>> >
>>
>> You could add a bad option under that profile to see if it's being
>> picked up, like monitoring a syslog file that doesn't actually exist.
>>
>> Other than that, I'd try something like:
>>
>> <agent_config profile="test1">
>>   <syscheck>
>>     <directories check_all="yes">F:\.</directories> <!-- Notice the "." -->
>>   </syscheck>
>> </agent_config>
>>
>> I can't test this at the moment, so I don't know for sure that it will
>> work.
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
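
A diagnostic for the symptom discussed in this thread, as an added example that is not part of the original messages or of OSSEC's code: it lists directories that agent.conf selects for an agent but that never appear in the agent's "Monitoring directory" log lines. The function names and the exact-equality matching of `name`, `profile` and `os` are assumptions for illustration; OSSEC's own matching may differ.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs, copied from the configuration and log quoted in the thread.
AGENT_CONF = """
<agent_config name="test_PC">
  <syscheck><directories check_all="yes">D:/</directories></syscheck>
</agent_config>
<agent_config profile="test1">
  <syscheck><directories check_all="yes">F:/</directories></syscheck>
</agent_config>
<agent_config os="Windows">
  <syscheck><directories check_all="yes">C:/</directories></syscheck>
</agent_config>
"""
AGENT_LOG = """\
2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'D:/'.
2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'C:/'.
"""

def expected_dirs(agent_conf, name, profile, os_name):
    """Map each directory the agent should monitor to the attributes that selected it."""
    # agent.conf holds several top-level blocks, so wrap it to get well-formed XML.
    root = ET.fromstring("<root>" + agent_conf + "</root>")
    agent = {"name": name, "profile": profile, "os": os_name}
    selected = {}
    for block in root.iter("agent_config"):
        # Assumption: a block applies when every attribute it sets equals the agent's value.
        if all(agent.get(k) == v for k, v in block.attrib.items()):
            why = ", ".join(f'{k}="{v}"' for k, v in block.attrib.items()) or "(all agents)"
            for d in block.iter("directories"):
                # <directories> may hold a comma-separated list of paths.
                for path in filter(None, map(str.strip, (d.text or "").split(","))):
                    selected[path] = why
    return selected

def monitored_dirs(log_text):
    """Collect the directories syscheck reported in the agent log."""
    return set(re.findall(r"INFO: Monitoring directory: '([^']*)'", log_text))

def missing_dirs(agent_conf, log_text, name, profile, os_name):
    """Directories selected by agent.conf that never show up in the agent log."""
    seen = monitored_dirs(log_text)
    wanted = expected_dirs(agent_conf, name, profile, os_name)
    return {d: why for d, why in wanted.items() if d not in seen}

if __name__ == "__main__":
    gaps = missing_dirs(AGENT_CONF, AGENT_LOG, "test_PC", "test1", "Windows")
    for path, why in gaps.items():
        print(f"not monitored: {path} (from agent_config {why})")
```

Run against the thread's data, the only gap reported is the directory from the `profile="test1"` block, which narrows the problem to profile handling on the agent rather than to agent.conf delivery as a whole.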