On Wed, Jun 26, 2013 at 3:18 PM, David Blanton <[email protected]> wrote: > So what would specifically go in the ossec.conf on the server side and what
Settings you want to apply to the server. > specifically goes in agent.conf? Settings you want to apply to the agents. > > It seems redundant - why would I add <localfiles> <directories to check> > <ignore directories> ect. when I can put them in the agent.conf file? Is it No idea. > essentially user preference? Whether I want to modify each agent's > ossec.conf file or put everything in a centralized agent.conf file on the > ossec server? > Pretty much. I have a setup with 1 agent. Whether I use the agent.conf or the ossec.conf doesn't really matter. The only thing that has to be in the ossec.conf is the server-ip setting. > Or should I edit the agent.conf file on each server individually? > You could copy it between OSSEC servers if you want. It seems easier that way. > Sorry for the confusion - I just don't really get how it all ties together. > I've been dealing with it for a long time, I probably don't know how to explain it. > > On Wednesday, June 26, 2013 1:34:22 PM UTC-4, dan (ddpbsd) wrote: >> >> On Wed, Jun 26, 2013 at 1:02 PM, David Blanton >> <[email protected]> wrote: >> > So create/write the agent.conf file server side, restart ossec server, >> > and >> > the agent.conf file gets pushed to the agents. Does this somehow >> > incorporate >> > the local ossec.conf file located on the agents? >> > >> >> The ossec.conf and agent.conf are both used. >> >> > >> > On Monday, June 24, 2013 2:21:49 PM UTC-4, dan (ddpbsd) wrote: >> >> >> >> On Fri, Jun 21, 2013 at 10:51 AM, David Blanton >> >> <[email protected]> wrote: >> >> > To be brief, yeah it is checking. Not sure agent.conf did update, I >> >> > manually >> >> > just wrote in the xml lines required. >> >> > >> >> > I got so frustrated that I ended up just reinstalling OSSEC server >> >> > side, >> >> > and >> >> > import/exporting new keys and just pasting over my ossec.conf file. >> >> > Everything ended up working this way. >> >> > >> >> > Just curious - why is there an agent.conf file server-side and an >> >> > agent.conf >> >> > file client side? >> >> > >> >> >> >> You create it on the server, the server pushes it to the agent, and >> >> the agent then uses that file for configuration. >> >> If the agent didn't have a copy, how would it use the agent.conf? If >> >> agents weren't supposed to use the agent.conf, why would it be named >> >> that way? >> >> >> >> > -- >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "ossec-list" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> >> > send >> >> > an >> >> > email to [email protected]. >> >> > For more options, visit https://groups.google.com/groups/opt_out. >> >> > >> >> > >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
