On Mon, Jan 8, 2018 at 8:35 AM,  <charles.mc...@decisivedge.com> wrote:
> Thank you...
>
> Can you please provide a snippet of what the agent.conf should look like for
> this type of configuration.
>
> I have looked and I cannot seem to find any sample agent.conf files that
> have this type of config.
>

All agent.conf files behave the same way.
Mine is simply (copied by hand, so excuse silly typos):
<agent_config>
  <syscheck>
    <directories check_all="yes">/var/ossec/etc</directories>
  </syscheck>
</agent_config>

<agent_config os="OpenBSD">
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/daemon</location>
  </localfile>
</agent_config>

If I wanted to add a profile, I could do something like:
<agent_config profile="webserver">
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/apache/error_log</location>
  </localfile>
</agent_config>

Then set the following in the ossec.conf on the agents I want to use
this profile:
<client>
  <config-profile>webserver</config-profile>
</client>


> Thank you again !!
> Chuck
>
> On Friday, January 5, 2018 at 10:14:08 AM UTC-5, charle...@decisivedge.com
> wrote:
>>
>> Hello All
>>
>> I have a simple question and excuse me cause I am a NOOB with OSSEC.
>>
>> My question is about centralized agent Configuration.
>>
>> 1. Can you use a wild card for the agent name in the agent.conf ?
>>
>> 2. Why is this needed in the agent.conf file
>> <location>/var/log/my.log2</location>
>>
>> 3. How do you designate the correct agent.conf file to use for the
>> different type of servers, I am all linux shop but I am looking at
>> monitoring directories for my DB's and Webservers.
>>
>> I have not been able to find and get a grasp on this.
>>
>> Any help would be great !!
>>
>> Thanks
>> Chuck
>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
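
As an added example (not part of the original thread and not OSSEC's own code), this Python check confirms that an agent.conf is well-formed and lists which monitored paths a given agent would receive from the blocks shown in the reply. Matching of `os` and `profile` is simplified to exact string comparison, which is an assumption, and `parse_blocks` and `monitored_paths` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample based on the agent.conf blocks shown in the reply above.
AGENT_CONF = """\
<agent_config>
  <syscheck><directories check_all="yes">/var/ossec/etc</directories></syscheck>
</agent_config>
<agent_config os="OpenBSD">
  <localfile><log_format>syslog</log_format><location>/var/log/daemon</location></localfile>
</agent_config>
<agent_config profile="webserver">
  <localfile><log_format>apache</log_format><location>/var/log/apache/error_log</location></localfile>
</agent_config>
"""

def parse_blocks(text):
    """Return the <agent_config> blocks; raise ValueError on malformed XML."""
    # agent.conf has several top-level elements, so wrap it in a synthetic root.
    try:
        root = ET.fromstring("<root>" + text + "</root>")
    except ET.ParseError as exc:
        raise ValueError(f"agent.conf is not well-formed: {exc}") from exc
    stray = [el.tag for el in root if el.tag != "agent_config"]
    if stray:
        raise ValueError(f"unexpected top-level elements: {stray}")
    return list(root)

def monitored_paths(text, os_name, profiles=()):
    """Paths an agent would pick up (assumption: exact attribute matching)."""
    paths = []
    for block in parse_blocks(text):
        want_os = block.get("os")
        want_profile = block.get("profile")
        if want_os and want_os != os_name:
            continue  # block is scoped to a different operating system
        if want_profile and want_profile not in profiles:
            continue  # agent's ossec.conf does not list this config-profile
        for el in block.iter():
            if el.tag in ("directories", "location"):
                paths.append(el.text.strip())
    return paths
```

A mistyped closing tag in a hand-copied block makes `parse_blocks` raise `ValueError` instead of silently dropping a section.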
