Hi
On Tue, Apr 9, 2013 at 12:43 PM, dan (ddp) <ddp...@gmail.com> wrote: > On Tue, Apr 9, 2013 at 12:35 PM, Iqbal Aroussi <iq...@aroussi.ca> wrote: > > Hi, > > > > I'm a little bit lost, I have a central OSSEC Server and several agents > > (Linux, Windows) > > I want to monitor a specific exe file in Windows machines just the > > executable not all the files in the directory. there is no registry keys > for > > this application. > > > > My second question that really confuses me, is that on the agents the > > What's the first qustion? > Sorry, my first question is that I want to monitor a specific app.exe file in Windows machines just the executable not all the files in the directory. there is no registry keys for this application. > > > ossec.conf file contains some redundant option that are already on the > > central OSSEC Server like > > <frequency>300</frequency> > > That is incredibly generic. Can you provide some context? > > In OSSEC Server ossec.conf I have : <syscheck> <!-- Frequency that syscheck is executed - default to every 22 hours --> <frequency>300</frequency> </syscheck> and in the Windows OSSEC Agent ossec.conf I have <syscheck> <!-- Default frequency, every 20 hours. It doesn't need to be higher - on most systems and one a day should be enough. --> <frequency>72000</frequency> </syscheck> I want to know which value is going to be applied to the agent. > > what takes precedence in this case the value on agent or server config ? > > > > The OSSEC server's ossec.conf has very little control over the agents. > A lot of the settings in there are for the agent-like processes > running on the server (it monitors itself). > > Does this mean, to monitor files a directories I have to modify the Agents ossec.conf files not OSSEC Server's ? > > Best Regards > > > > Iqbal Aroussi > > 514-627-0438 > > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to ossec-list+unsubscr...@googlegroups.com. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.