On Jul 17, 2013 10:06 AM, "Jared" <[email protected]> wrote:
>
> Sorry to open an old thread, but I have a related question.
>
> Is there any way to tell a host that it is a web or db server through the push of the agent.conf? Or is it a requirement to update the ossec.conf on every server to tell it what group it is a member of?
>

No idea, I'll have to try it and find out.

> Thank you,
>
> Jared
>
> On Monday, June 24, 2013 2:25:53 PM UTC-4, dan (ddpbsd) wrote:
>>
>> On Mon, Jun 24, 2013 at 1:15 PM, Jared <[email protected]> wrote:
>> > Question:
>> >
>> > How are "Profiles" associated with clients / agents?
>> >
>> > Scenario:
>> >
>> > Agent ID = 001 = Web01 = IIS and MySQL = Windows
>> >
>> > Agent ID = 002 = Web02 = Apache/Tomcat and MySQL = CentOS
>> >
>> > I would like to have a profile for each server type so that I no longer see
>> > the following errors:
>> >
>> > 2013/06/24 10:08:52 ossec-agent(1952): INFO: Monitoring variable log file:
>> > 'C:\Tomcat7\logs\localhost_access_log.2013-06-24.txt'.
>> > 2013/06/24 10:08:52 ossec-agent(1103): ERROR: Unable to open file
>> > 'C:\Tomcat7\logs\localhost_access_log.2013-06-24.txt'.
>> >
>> >
>> > For Windows servers that do not have Tomcat for example?
>> >
>> > Based on the following from the web documentation from
>> > http://www.ossec.net/doc/syntax/head_agent_config.html?highlight=profile#profile:
>> >
>> > profile
>> > This option to agent_config allows you to assign a profile name to the
>> > block. Any agent may use this block if it is configured to use the defined
>> > profile.
>> >
>> > Example: <agent_config profile="webservers">
>> >
>> >
>> > How do I tell Agent 002 that it should be associated with "LinuxWebs"
>> >
>> > <agent_config profile="LinuxWebs">
>> >
>> >
>> >
>> > How do I tell Agent 002 that it should be subordinate to "WinWebs"
>> >
>> > <agent_config profile="LinuxWebs">
>> >
>> >
>> >
>> > In the following config:
>> >
>> > <agent_config profile="LinuxWebs">
>> >   <localfile>
>> >     <location>/var/log/secure</location>
>> >     <log_format>syslog</log_format>
>> >   </localfile>
>> >
>> >
>> > </agent_config>
>> >
>> > Thanks for all of the posts and info? Very helpful list!!
>> >
>> > Jared
>> >
>>
>> In the agent's ossec.conf add a <config-profile> entry to the <client>
>> section.
>> Example:
>>
>> <ossec_config>
>>   <client>
>>     <server-ip>192.168.17.9</server-ip>
>>     <config-profile>openbsd-firewall,openbsd-test</config-profile>
>>   </client>
>> </ossec_config>
>>
>> The above agent is a member of the openbsd-firewall and openbsd-test
>> profiles in agent.conf.
>>
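
Added example (not part of the thread and not OSSEC's own code): a small Python check that pairs a shared agent.conf with one agent's ossec.conf and lists the <localfile> entries that agent would pick up through its <config-profile> membership, so a log source assigned to the wrong server type shows up before the config is pushed. The Tomcat path, the eventlog entry and the function names are constructed for illustration; only the profile attribute is modelled, one profile name per block is assumed, and a block with no attributes is assumed to apply to every agent.

```python
import xml.etree.ElementTree as ET

# Constructed shared agent.conf (server side), using the profile names
# from the thread. The Tomcat path and eventlog entry are sample values.
AGENT_CONF = """\
<agent_config profile="LinuxWebs">
  <localfile><location>/var/log/secure</location><log_format>syslog</log_format></localfile>
  <localfile><location>/opt/tomcat/logs/access.log</location><log_format>apache</log_format></localfile>
</agent_config>
<agent_config profile="WinWebs">
  <localfile><location>Application</location><log_format>eventlog</log_format></localfile>
</agent_config>
"""

# Constructed ossec.conf for agent 002 (Web02), following the reply's layout.
OSSEC_CONF_WEB02 = """\
<ossec_config>
  <client>
    <server-ip>192.168.17.9</server-ip>
    <config-profile>LinuxWebs</config-profile>
  </client>
</ossec_config>
"""

def agent_profiles(ossec_conf):
    """Profile names listed, comma-separated, in <client><config-profile>."""
    text = ET.fromstring(ossec_conf).findtext("client/config-profile", default="")
    return {p.strip() for p in text.split(",") if p.strip()}

def effective_localfiles(agent_conf, ossec_conf):
    """(location, log_format) pairs from the blocks this agent would use."""
    mine = agent_profiles(ossec_conf)
    # agent.conf has several top-level blocks, so wrap it in a dummy root.
    root = ET.fromstring("<root>" + agent_conf + "</root>")
    picked = []
    for block in root.findall("agent_config"):
        if set(block.attrib) - {"profile"}:
            continue  # name= / os= selectors are not modelled here
        profile = block.get("profile")
        if profile is None or profile in mine:  # assumed: no attribute = all agents
            for lf in block.findall("localfile"):
                picked.append((lf.findtext("location"), lf.findtext("log_format")))
    return picked

if __name__ == "__main__":
    for location, fmt in effective_localfiles(AGENT_CONF, OSSEC_CONF_WEB02):
        print(f"{fmt:10} {location}")
```
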
