Is it possible to add this functionality in a future version of ossec-agent for win?
On Wednesday, February 27, 2013, 10:11:21 UTC+6, Андрей Шевченко wrote:
>
> It looks like this feature was not included in the ossec-hids/src/win32/
> I have not found any changes in the win32 sources.
>
> On Wednesday, February 27, 2013, 2:01:56 UTC+6, dan (ddpbsd) wrote:
>>
>> On Thu, Feb 21, 2013 at 6:38 AM, Андрей Шевченко <dioer...@gmail.com>
>> wrote:
>> > I tried to add a bad option and I see that it is not being picked up...
>> > Like in my example, I don't see anything related to options in specific
>> > agent profile.
>> >
>>
>> You could check the code repository to see if the commits enabling
>> this functionality for unixy systems also enabled it for Windows.
>>
>> > On Tuesday, February 19, 2013, 23:15:44 UTC+6, dan (ddpbsd)
>> > wrote:
>> >>
>> >> On Mon, Feb 18, 2013 at 6:23 AM, Андрей Шевченко <dioer...@gmail.com>
>> >> wrote:
>> >> > ossec.conf(agent test_PC):
>> >> >
>> >> >> <ossec_config>
>> >> >>   <client>
>> >> >>     <config-profile>test1</config-profile>
>> >> >>     <server-ip>1.1.1.1</server-ip>
>> >> >>   </client>
>> >> >>   <active-response>
>> >> >>     <disabled>no</disabled>
>> >> >>   </active-response>
>> >> >> </ossec_config>
>> >> >
>> >> > agent.conf(server):
>> >> >
>> >> >> <agent_config name="test_PC">
>> >> >>   <syscheck>
>> >> >>     <directories check_all="yes">D:/</directories>
>> >> >>   </syscheck>
>> >> >> </agent_config>
>> >> >>
>> >> >> <agent_config profile="test1">
>> >> >>   <syscheck>
>> >> >>     <directories check_all="yes">F:/</directories>
>> >> >>   </syscheck>
>> >> >> </agent_config>
>> >> >>
>> >> >> <agent_config os="Windows">
>> >> >>   <syscheck>
>> >> >>     <directories check_all="yes">C:/</directories>
>> >> >>   </syscheck>
>> >> >> </agent_config>
>> >> >
>> >> > ossec.log(agent):
>> >> >
>> >> >> 2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'D:/'.
>> >> >> 2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'C:/'.
>> >> >
>> >> > Disk F is not monitored.
>> >> >
>> >> > Equal configuration for agent under FreeBSD works fine.
>> >> >
>> >>
>> >> You could add a bad option under that profile to see if it's being
>> >> picked up, like monitoring a syslog file that doesn't actually exist.
>> >>
>> >> Other than that, I'd try something like:
>> >>
>> >> <agent_config profile="test1">
>> >>   <syscheck>
>> >>     <directories check_all="yes">F:\.</directories> <!-- Notice the "." -->
>> >>   </syscheck>
>> >> </agent_config>
>> >>
>> >> I can't test this at the moment, so I don't know for sure that it will
>> >> work.