Question: How are "Profiles" associated with clients / agents? Scenario: Agent ID = 001 = Web01 = IIS and MySQL = Windows Agent ID = 002 = Web02 = Apache/Tomcat and MySQL = CentOs I would like to have a profile for each server type so that I no longer see the following errors: 2013/06/24 10:08:52 ossec-agent(1952): INFO: Monitoring variable log file: 'C:\Tomcat7\logs\localhost_access_log.2013-06-24.txt'. 2013/06/24 10:08:52 ossec-agent(1103): ERROR: Unable to open file 'C:\Tomcat7\logs\localhost_access_log.2013-06-24.txt'. For Windows servers that do not have Tomcat for example? Based on the following from the web documentation from http://www.ossec.net/doc/syntax/head_agent_config.html?highlight=profile#profile :
profile<http://www.ossec.net/doc/syntax/head_agent_config.html#element-profile> This option to agent_config allows you to assign a profile name to the the block. Any agent may use this block if it is configured to use the defined profile. *Example:* <agent_config profile=”webservers”> *How do I tell Agent 002 that it should be associated with "LinuxWebs"* <agent_config profile=”LinuxWebs”> *How do I tell Agent 002 that it should be subordinate to "WinWebs"* <agent_config profile=”LinuxWebs”> *In the following config:* <agent_config profile=”LinuxWebs”> <localfile> <location>/var/log/secure</location> <log_format>syslog</log_format> </localfile> </agent_config> Thanks for all of the posts and info? Very helpful list!! Jared -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
