Hello All,

I am currently working on a central ossec.conf file which contains our 
Windows and Linux configurations for all clients. Here are a few background 
details:

1. We currently only have a few Linux deployments and roughly 6 Windows 
deployments as a POC
2. All clients have a custom config, specific to Windows or Linux

Now, I'd like to manage clients going forward with a central config file 
using agent.conf within /var/ossec/etc/shared. I've followed these steps:

1. Created an agent.conf file, and ran verify-agent-conf without any issues.
2. Ran MD5SUM against the agent.conf and noted hash
3. Ran agent-control -R <ID> against a few clients
4. Ran agent-control -i <ID> and verified that the MD5 changed to match the 
agent.conf hash
5. I review the agent.conf file on a Windows client that had updated and it 
is blank
6. I review the merged.mg file on the same client and I do see within the 
file that the custom agent.conf from the server is present 
7. I go back to the /var/ossec/etc/shared/agent.conf and now see that it is 
completely blank with a different MD5

Can anyone explain why the agent.conf on the server would have the content 
removed? My guess is that if the client doesn't have this info in the 
agent.conf that it is only reading their local ossec.conf file?

As a side note, do I need to re-deploy a new ossec.conf to clients out 
there with only the server IP configuration or will OSSEC merge the config 
with the agent.conf on the server?

Thanks all for the help!

Eric 
