Sorry to resurrect an old thread, but is there any update to this? I'm just moving towards a centralised config, and experiencing this issue. Referencing by OS or name works, but by config-profile doesn't on Windows. I've also tried the 2.7.1 beta agent, and am seeing the same issue.
I don't know if it's relevant, but I'm seeing entries like this in the agent logs if I enable debug logging:

2013/09/25 12:40:07 Read agent config profile name [(null)]
2013/09/25 12:40:07 [dhcp] did not match agent config profile name [(null)]
2013/09/25 12:40:07 Read agent config profile name [(null)]
2013/09/25 12:40:07 [dns] did not match agent config profile name [(null)]

Thanks

On Tuesday, March 5, 2013 11:19:31 PM UTC, dan (ddpbsd) wrote:
>
> On Tue, Mar 5, 2013 at 12:49 AM, Андрей Шевченко <dioer...@gmail.com>
> wrote:
> > Is it possible to add this functionality in a future version of
> > ossec-agent for win?
> >
>
> Definitely.
>
> >
> > On Wednesday, February 27, 2013 10:11:21 UTC+6, Андрей Шевченко wrote:
> >>
> >> It looks like this feature was not included in the ossec-hids/src/win32/
> >> I have not found any changes in the win32 sources.
> >>
> >> On Wednesday, February 27, 2013 2:01:56 UTC+6, dan (ddpbsd) wrote:
> >>>
> >>> On Thu, Feb 21, 2013 at 6:38 AM, Андрей Шевченко <dioer...@gmail.com>
> >>> wrote:
> >>> > I tried to add a bad option and I see that it is not being picked up...
> >>> > Like in my example, I don't see anything related to options in specific
> >>> > agent profile.
> >>> >
> >>>
> >>> You could check the code repository to see if the commits enabling
> >>> this functionality for unixy systems also enabled it for Windows.
> >>>
> >>> > On Tuesday, February 19, 2013 23:15:44 UTC+6, dan (ddpbsd) wrote:
> >>> >>
> >>> >> On Mon, Feb 18, 2013 at 6:23 AM, Андрей Шевченко <dioer...@gmail.com>
> >>> >> wrote:
> >>> >> > ossec.conf (agent test_PC):
> >>> >> >
> >>> >> >> <ossec_config>
> >>> >> >>   <client>
> >>> >> >>     <config-profile>test1</config-profile>
> >>> >> >>     <server-ip>1.1.1.1</server-ip>
> >>> >> >>   </client>
> >>> >> >>   <active-response>
> >>> >> >>     <disabled>no</disabled>
> >>> >> >>   </active-response>
> >>> >> >> </ossec_config>
> >>> >> >
> >>> >> > agent.conf (server):
> >>> >> >
> >>> >> >> <agent_config name="test_PC">
> >>> >> >>   <syscheck>
> >>> >> >>     <directories check_all="yes">D:/</directories>
> >>> >> >>   </syscheck>
> >>> >> >> </agent_config>
> >>> >> >>
> >>> >> >> <agent_config profile="test1">
> >>> >> >>   <syscheck>
> >>> >> >>     <directories check_all="yes">F:/</directories>
> >>> >> >>   </syscheck>
> >>> >> >> </agent_config>
> >>> >> >>
> >>> >> >> <agent_config os="Windows">
> >>> >> >>   <syscheck>
> >>> >> >>     <directories check_all="yes">C:/</directories>
> >>> >> >>   </syscheck>
> >>> >> >> </agent_config>
> >>> >> >
> >>> >> > ossec.log (agent):
> >>> >> >
> >>> >> >> 2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'D:/'.
> >>> >> >> 2013/02/18 15:41:34 ossec-agent: INFO: Monitoring directory: 'C:/'.
> >>> >> >
> >>> >> > Disk F is not monitored.
> >>> >> >
> >>> >> > Equal configuration for agent under FreeBSD works fine.
> >>> >> >
> >>> >> > --
> >>> >> >
> >>> >>
> >>> >> You could add a bad option under that profile to see if it's being
> >>> >> picked up, like monitoring a syslog file that doesn't actually exist.
> >>> >>
> >>> >> Other than that, I'd try something like:
> >>> >>
> >>> >> <agent_config profile="test1">
> >>> >>   <syscheck>
> >>> >>     <directories check_all="yes">F:\.</directories> <!-- Notice the "." -->
> >>> >>   </syscheck>
> >>> >> </agent_config>
> >>> >>
> >>> >> I can't test this at the moment, so I don't know for sure that it will
> >>> >> work.
> >>> >>
> >>> >> > ---
> >>> >> > You received this message because you are subscribed to the Google
> >>> >> > Groups "ossec-list" group.
> >>> >> > To unsubscribe from this group and stop receiving emails from it,
> >>> >> > send an email to ossec-list+...@googlegroups.com.
> >>> >> > For more options, visit https://groups.google.com/groups/opt_out.
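
Added example, not part of the original thread and not OSSEC's own code: a simplified model of how `agent_config` blocks are selected by `name`, `os` and `profile`, run against the agent.conf quoted in the thread. The matching rules (exact match for name and profile, substring for os) and the sample OS string are assumptions; the point is that an agent whose profile is read as `(null)` still gets D:/ and C:/ but silently loses F:/, which is the monitoring gap reported above.

```python
import xml.etree.ElementTree as ET

# agent.conf as quoted in the thread (shared configuration on the server).
AGENT_CONF = """
<agent_config name="test_PC">
  <syscheck><directories check_all="yes">D:/</directories></syscheck>
</agent_config>
<agent_config profile="test1">
  <syscheck><directories check_all="yes">F:/</directories></syscheck>
</agent_config>
<agent_config os="Windows">
  <syscheck><directories check_all="yes">C:/</directories></syscheck>
</agent_config>
"""
WINDOWS_OS = "Microsoft Windows 7"  # constructed sample OS string (assumption)

def block_applies(attrs, name, os_name, profile):
    """Simplified model: every attribute present on the block must match."""
    if "name" in attrs and attrs["name"] != name:
        return False
    if "os" in attrs and attrs["os"].lower() not in (os_name or "").lower():
        return False
    if "profile" in attrs:
        # A profile the agent never read (None, logged as "(null)") matches nothing.
        if profile is None or attrs["profile"] not in profile.split(","):
            return False
    return True

def blocks(conf):
    # agent.conf has several top-level elements, so wrap it before parsing.
    return ET.fromstring("<root>" + conf + "</root>").findall("agent_config")

def monitored_dirs(conf, name, os_name, profile):
    """Directories syscheck would watch for this agent under the model."""
    dirs = []
    for block in blocks(conf):
        if block_applies(block.attrib, name, os_name, profile):
            dirs += [d.text.strip() for d in block.iter("directories")]
    return dirs

def skipped_profiles(conf, name, os_name, profile):
    """Profile-scoped blocks that did not apply: the coverage gap to flag."""
    return [b.get("profile") for b in blocks(conf)
            if b.get("profile") and not block_applies(b.attrib, name, os_name, profile)]

if __name__ == "__main__":
    print("profile read:   ", monitored_dirs(AGENT_CONF, "test_PC", WINDOWS_OS, "test1"))
    print("profile (null): ", monitored_dirs(AGENT_CONF, "test_PC", WINDOWS_OS, None))
    print("skipped blocks: ", skipped_profiles(AGENT_CONF, "test_PC", WINDOWS_OS, None))
```

Comparing the expected directory list with the agent's "Monitoring directory" log lines after each config push catches this kind of silent gap without needing debug logging.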