Hi
On Tue, Apr 9, 2013 at 12:43 PM, dan (ddp) <ddp...@gmail.com> wrote:
> On Tue, Apr 9, 2013 at 12:35 PM, Iqbal Aroussi <iq...@aroussi.ca> wrote:
> > Hi,
> >
> > I'm a little bit lost, I have a central OSSEC Server and several agents
> > (Linux, Windows)
> > I want to monitor a specific exe file in Windows machines just the
> > executable not all the files in the directory. there is no registry keys
> for
> > this application.
> >
> > My second question that really confuses me, is that on the agents the
>
> What's the first qustion?
>
Sorry, my first question is that I want to monitor a specific app.exe file
in Windows machines just the executable not all the files in the directory.
there is no registry keys for this application.
>
> > ossec.conf file contains some redundant option that are already on the
> > central OSSEC Server like
> > <frequency>300</frequency>
>
> That is incredibly generic. Can you provide some context?
>
>
In OSSEC Server ossec.conf I have :
<syscheck>
<!-- Frequency that syscheck is executed - default to every 22 hours -->
<frequency>300</frequency>
</syscheck>
and in the Windows OSSEC Agent ossec.conf I have
<syscheck>
<!-- Default frequency, every 20 hours. It doesn't need to be higher
- on most systems and one a day should be enough.
-->
<frequency>72000</frequency>
</syscheck>
I want to know which value is going to be applied to the agent.
> > what takes precedence in this case the value on agent or server config ?
> >
>
> The OSSEC server's ossec.conf has very little control over the agents.
> A lot of the settings in there are for the agent-like processes
> running on the server (it monitors itself).
>
>
Does this mean, to monitor files a directories I have to modify the Agents
ossec.conf files not OSSEC Server's ?
> > Best Regards
> >
> > Iqbal Aroussi
> > 514-627-0438
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-list" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to ossec-list+unsubscr...@googlegroups.com.
> > For more options, visit https://groups.google.com/groups/opt_out.
> >
> >
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
