Re: [ossec-list] Monitor Particular Folder On Windows Agent
Hi Dan,

If I add or delete a file in a particular folder on the Windows agent's desktop, I want to see the addition or deletion logged on the server/manager side.

--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [ossec-list] Monitor Particular Folder On Windows Agent
On Wed, Jul 19, 2017 at 11:46 AM, Akash Munjal wrote:
> Hi All,
>
> Can I monitor a particular folder on the desktop of my Windows agent?
>
> If yes, then how can it be done? Also, I want to monitor a particular
> drive(:C).

Define "monitor." Do you mean syscheck monitoring? If so, add a directories entry for it. If you mean something else, please specify.

> thanks...
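The directories entry suggested in the reply above, as an added example that is not part of the original thread, together with the manager-side settings needed to see file additions reported. It assumes stock OSSEC syscheck options and rule IDs; the folder path is a placeholder and the alert level 7 is an arbitrary choice.

```xml
<!-- Agent side: ossec.conf on the Windows agent (constructed example).
     The folder path is a placeholder; substitute the real one. -->
<ossec_config>
  <syscheck>
    <!-- Interval between full scans, in seconds (12 hours here) -->
    <frequency>43200</frequency>

    <!-- check_all records size, owner, permissions and hashes;
         realtime reports changes as they occur instead of waiting
         for the next scheduled scan (it applies to directories only) -->
    <directories check_all="yes" realtime="yes">C:\Users\EXAMPLE_USER\Desktop\watched</directories>
  </syscheck>
</ossec_config>

<!-- Manager side: ossec.conf on the server. Without this setting,
     files that appear after the baseline scan do not raise an alert. -->
<ossec_config>
  <syscheck>
    <alert_new_files>yes</alert_new_files>
  </syscheck>
</ossec_config>

<!-- Manager side: rules/local_rules.xml. Stock rule 554 ("File added
     to the system") ships at level 0, so it is overwritten here with
     a level that produces an alert. Level 7 is an assumption. -->
<group name="local,syscheck,">
  <rule id="554" level="7" overwrite="yes">
    <category>ossec</category>
    <decoded_as>syscheck_new_entry</decoded_as>
    <description>File added to the system.</description>
    <group>syscheck,</group>
  </rule>
</group>
```

Restart the agent and the manager after editing these files. Deletions are reported by the stock syscheck rules without further changes.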
Re: [ossec-list] ossec-agent buffer and/or cache configurations
Hello Grant,

OSSEC tracks logs from the file end when it starts. I mean, when OSSEC starts it opens every monitored file and jumps to the current file end. From that moment on it will report all new data arriving to the log.

If OSSEC detects that a log was rotated, it re-opens the file and tracks it from the end.

It saves no file-position data when it gets stopped, so new data written into the log while OSSEC is stopped will be discarded.

Hope it helps.

Kind regards.

On Wed, Jul 19, 2017 at 8:13 PM, Grant Leonard wrote:
> Two specific questions
>
> Is the amount of logs cached/tracked configurable? (Specifically for
> Linux agents) when the agent cannot reach the ossec-server
>
> (yes I read the discussion from 2010, looking for updated thoughts here)
>
> How, specifically, does the agent handle being down/restarted?
>
> For instance, ossec-agent is reading /var/log/syslog, we restart
> ossec-agent, where does the agent pick up in the /var/log/syslog file and
> HOW does it know where to pick up?
>
> Asking for 2.8.3 and forward please
>
> All the best

--
Victor M. Fernandez-Castro
IT Security Engineer
Wazuh Inc.
[ossec-list] ossec-agent buffer and/or cache configurations
Two specific questions

Is the amount of logs cached/tracked configurable? (Specifically for Linux agents) when the agent cannot reach the ossec-server

(yes I read the discussion from 2010, looking for updated thoughts here)

How, specifically, does the agent handle being down/restarted?

For instance, ossec-agent is reading /var/log/syslog, we restart ossec-agent, where does the agent pick up in the /var/log/syslog file and HOW does it know where to pick up?

Asking for 2.8.3 and forward please

All the best
[ossec-list] Monitor Particular Folder On Windows Agent
Hi All,

Can I monitor a particular folder on the desktop of my Windows agent?

If yes, then how can it be done? Also, I want to monitor a particular drive(:C).

thanks...