I have a client setup with an ossec manager (v2.6) and 10 ossec agents
(v2.6) using centralized configuration (agent.conf). My agent.conf
looks like this (server names and directories sanitized for public
forum):
yes
3600
no
enter_custom_directory
%WINDIR%/win.ini
ot;D:\." didn't produce the results I
> wanted.
>
>
>
> On Wed, Jul 13, 2011 at 2:06 PM, brighamr wrote:
> > Dan,
>
> > It's interesting that two others were able to use the agent.conf file
> > I wrote without issues... however I did comment out the
0 am, "dan (ddp)" wrote:
> Did you try what I suggested? I'd be interested to know if it works.
>
>
>
> On Wed, Jul 13, 2011 at 4:35 AM, brighamr wrote:
> > Hello Andy,
>
> > I did exactly as you described and still received the same error
> > &q
xited
>
> > Then ran ./verify-agent-conf successfully
>
> > Works for me on almost brand-new release from dcid-ossec-hids-d465e7d19b05
>
> > Andy
>
> > -Original Message-
> > From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On
&g
nd pasted all the data
> into it. Saved and exited
>
> Then ran ./verify-agent-conf successfully
>
> Works for me on almost brand-new release from dcid-ossec-hids-d465e7d19b05
>
> Andy
>
>
>
> -Original Message-
> From: ossec-list@googlegroups.com [mailt
OSSEC are you using?
>
>
>
> On Tue, Jul 12, 2011 at 12:24 PM, brighamr wrote:
> > Chris,
>
> > Thannk you. I copied this file onto the server and attempted to
> > verify. I am still getting an element not closed error. Is there
> > anything that would make verify-
d the modified agent.conf.
>
> Regards,
> Chris
>
>
>
> On Mon, Jul 11, 2011 at 5:52 PM, brighamr wrote:
> > Chris,
>
> > I removed all of the astericks from the file (they were appended to
> > the end of the individual registry key elements). Did you remo
Chris,
I removed all of the astericks from the file (they were appended to
the end of the individual registry key elements). Did you remove
anything that wasn't in the registry keys section?
For some reason, it still gives me the same error - even after
removing the astricks.
Any chance you woul
;
>
> On Mon, Jul 11, 2011 at 11:18 AM, brighamr wrote:
> > I got the agents working on my win2008r2 servers using a very basic
> > agent.conf. After that worked I created a much more specific
> > agent.conf and am getting an error from verify-agent-conf which states
>
s to make sure.
>
> If you change the frequency back to 7200, does it work?
>
>
>
> On Wed, Jul 6, 2011 at 1:05 PM, brighamr wrote:
> > We have installed 10 agents and 1 ossec server. the windows 2003
> > agents are working without a problem. on the win2008r2 agents, w
I got the agents working on my win2008r2 servers using a very basic
agent.conf. After that worked I created a much more specific
agent.conf and am getting an error from verify-agent-conf which states
"XML error, element not closed directories line 284". I have passed my
file by several engineers an
We have installed 10 agents and 1 ossec server. the windows 2003
agents are working without a problem. on the win2008r2 agents, we
modified the ossec.conf on the agent to change the syscheck interval
from 7200 to 3600. Since then the rootchecks fire every 3600, but the
syschecks haven’t fired at al
12 matches
Mail list logo