Hi Sean,

It seems that the agent_config name 
<https://github.com/wazuh/wazuh/blob/master/src/config/config.c#L224> is 
checked by the function OS_Match2 
<https://github.com/wazuh/wazuh/blob/master/src/os_regex/os_match.c#L22>, which 
only matches strings with the ^, $ or | special characters. So, you 
cannot use regex in the name.

I recommend that you use profiles in your agents: define your production 
servers with the profile "production", the development server with "dev", 
and so on.

Example:

*production agent*

<ossec_config>
  <client>
    <server-ip>10.0.0.220</server-ip>
    <config-profile>centos, centos7, production</config-profile>
  </client>
</ossec_config>


*agent.conf*
<agent_config profile="production">

I hope it helps.
Regards.

On Monday, December 5, 2016 at 11:33:01 PM UTC+1, Sean Roe wrote:
>
> Hi All,
>
> New to this list and I have a question:
>
> Will the agent_config name field accept regex expressions?
>
> I found a post by Daniel Cid with this reference: 
> <agent_config name="agent1|agent2">
> <localfile>
> <location>/var/log/my.log</location>
> <logtype>syslog</logtype>
> </localfile>
> </agent_config>
>
> so I was hoping to build a stanza in agent.conf like this:
>
> <agent_config name="prod*002|dev*002|qa*002">
> <localfile> 
> blah, blah.
>
> to get the prodAB002, prodCD002, devDD002, qaQQ002 servers
>
> Is that doable?
>
> Sean
>
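
The matching behaviour described in the reply above, as an added example that is not part of the original thread and is not Wazuh's OS_Match2 code: a simplified Python model in which only ^, $ and | are special and every other character, including *, is literal. Substring matching for unanchored alternatives, case-insensitive comparison and the extra host prodAB001 are assumptions made for this sketch.

```python
# Simplified model of the matcher described in this thread (an assumption,
# not Wazuh's OS_Match2 source): only ^, $ and | carry special meaning.

def simple_match(pattern: str, name: str) -> bool:
    """Return True if any |-separated alternative of pattern matches name."""
    name = name.lower()  # case-insensitive comparison is assumed here
    for alt in pattern.lower().split("|"):
        anchored_start = alt.startswith("^")
        if anchored_start:
            alt = alt[1:]
        anchored_end = alt.endswith("$")
        if anchored_end:
            alt = alt[:-1]
        if not alt:
            continue  # empty alternatives are skipped in this model
        if anchored_start and anchored_end:
            hit = name == alt
        elif anchored_start:
            hit = name.startswith(alt)
        elif anchored_end:
            hit = name.endswith(alt)
        else:
            hit = alt in name  # unanchored: plain substring (assumed)
        if hit:
            return True
    return False


# Agent names from the question, plus one constructed name (prodAB001)
# that should not be selected by a "002" suffix rule.
AGENTS = ["prodAB002", "prodCD002", "devDD002", "qaQQ002", "prodAB001"]


def selected(pattern: str) -> list:
    """Agents whose name the pattern would select under this model."""
    return [a for a in AGENTS if simple_match(pattern, a)]


if __name__ == "__main__":
    for p in ("prod*002|dev*002|qa*002", "002$", "^prod|^dev"):
        print(f"{p!r:30} -> {selected(p)}")
```

Under this model the `*` in `prod*002` is compared as a literal character, so the pattern from the question selects none of the listed agents.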
