On Jun 26, 2013 4:31 PM, "David Blanton" <[email protected]> wrote:
>
> Holy smokes that helps out a lot. Thanks dan.
>
> So if I want to manage directory checks through agent.conf - I can technically have ossec.conf empty as long as I have the client IP/port in there.
>
> One last question - how do the agents get the ossec.conf settings? Are they defaults with the directories check and the IP/port. rootcheck etc. is added during the installation?
>
Install.sh asks for some settings, checks for others, and defaults to the rest. Anything in there beyond what is there immediately after install was added by a person.

>
> On Wednesday, June 26, 2013 3:50:25 PM UTC-4, dan (ddpbsd) wrote:
>>
>> On Wed, Jun 26, 2013 at 3:36 PM, David Blanton
>> <[email protected]> wrote:
>> > So if I set my server-side agent.conf file with <agent_config name="XXXX">
>> > for all my agents,
>> >
>> > And have a list of all my agents, with local files, & directories to
>> > monitor, directories to ignore, will it do just that for all my agents? Or
>> > do I have to copy all of this over to each agent.conf file located on each
>> > agent's server?
>> >
>>
>> The server should push the agent.conf to each agent automagically.
>>
>> >
>> > Also, what takes precedence - agent.conf or ossec.conf located on the agent?
>>
>> No idea, I've never gotten around to figuring it out. I try not to
>> duplicate settings between the two.
>>
>> > Or is agent.conf used to guide the agent to search through specific
>> > files/dirs and the ossec.conf is for the rootcheck & ignores, etc.
>> >
>> >
>> > If I edit the agent.conf file server side - it doesn't update the agent.conf
>> > file on the agent side? Same goes for ossec.conf? I'm getting more and more
>> > confused lol. Do you have an efficient, preferred way of setting all this
>> > up?
>> >
>>
>> The agent.conf gets pushed from the server to the agents. The
>> ossec.conf does not.
>>
>> > --
>> >
>> > ---
>> > You received this message because you are subscribed to the Google Groups
>> > "ossec-list" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an
>> > email to [email protected].
>> > For more options, visit https://groups.google.com/groups/opt_out.
>> >
>> >
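An added example, not taken from the thread or from the OSSEC project: a server-side agent.conf of the kind discussed above, with per-agent syscheck directories, ignores and local files, next to the small agent-side ossec.conf that only names the server. The agent name, monitored paths and IP address are constructed sample values.

```xml
<!-- Server-side agent.conf (constructed sample): the server pushes this
     file to the agents, so shared monitoring settings live here. -->

<!-- Block applied only to the agent named web01 (hypothetical name) -->
<agent_config name="web01">
  <syscheck>
    <!-- Directories to monitor on this agent -->
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <!-- Paths under those directories to leave out -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/resolv.conf</ignore>
  </syscheck>
  <!-- Local log file to read on this agent -->
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/apache2/access.log</location>
  </localfile>
</agent_config>

<!-- Block applied to every agent reporting a Linux OS -->
<agent_config os="Linux">
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>
</agent_config>

<!-- Agent-side ossec.conf (constructed sample): not pushed by the server.
     Settings placed in agent.conf above are not repeated here, following
     the advice in the thread to avoid duplicating settings between the two. -->
<ossec_config>
  <client>
    <!-- Placeholder address of the OSSEC server -->
    <server-ip>192.0.2.10</server-ip>
  </client>
</ossec_config>
```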
