On Mon, Jun 24, 2013 at 1:15 PM, Jared <[email protected]> wrote:
> Question:
>
> How are "Profiles" associated with clients / agents?
>
> Scenario:
>
> Agent ID = 001 = Web01 = IIS and MySQL = Windows
>
> Agent ID = 002 = Web02 = Apache/Tomcat and MySQL = CentOs
>
> I would like to have a profile for each server type so that I no longer see
> the following errors:
>
> 2013/06/24 10:08:52 ossec-agent(1952): INFO: Monitoring variable log file:
> 'C:\Tomcat7\logs\localhost_access_log.2013-06-24.txt'.
> 2013/06/24 10:08:52 ossec-agent(1103): ERROR: Unable to open file
> 'C:\Tomcat7\logs\localhost_access_log.2013-06-24.txt'.
>
>
> For Windows servers that do not have Tomcat for example?
>
> Based on the following from the web documentation from
> http://www.ossec.net/doc/syntax/head_agent_config.html?highlight=profile#profile:
>
> profile
> This option to agent_config allows you to assign a profile name to the the
> block. Any agent may use this block if it is configured to use the defined
> profile.
>
> Example: <agent_config profile=”webservers”>
>
>
> How do I tell Agent 002 that it should be associated with "LinuxWebs"
>
> <agent_config profile=”LinuxWebs”>
>
>
>
> How do I tell Agent 002 that it should be subordinate to "WinWebs"
>
> <agent_config profile=”LinuxWebs”>
>
>
>
> In the following config:
>
> <agent_config profile=”LinuxWebs”>
> <localfile>
> <location>/var/log/secure</location>
> <log_format>syslog</log_format>
> </localfile>
>
>
> </agent_config>
>
> Thanks for all of the posts and info? Very helpful list!!
>
> Jared
>
In the agent's ossec.conf add a <config-profile> entry to the <client>
section. Example:
<ossec_config>
<client>
<server-ip>192.168.17.9</server-ip>
<config-profile>openbsd-firewall,openbsd-test</config-profile>
</client>
</ossec_config>
The above agent is a member of the openbsd-firewall and openbsd-test
profiles in agent.conf.
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
