On Mon, Jan 8, 2018 at 8:35 AM, <charles.mc...@decisivedge.com> wrote: > Thank you... > > Can you please provide a snippet of what the agent.conf should look like for > this type of configuration. > > I have looked and I can not seem to find any sample agent.conf files that > has this type of config. >
All agent.conf files behave the same way. Mine is simply (copied by hand, so excuse silly typos): <agent_config> <syscheck> <directories check_all="yes">/var/ossec/etc</directories> </syscheck> </agent_config> <agent_config os="OpenBSD"> <localfile> <log_format>syslog</log_format> <location>/var/log/daemon</location> </localfile> </agent_cofig> If I wanted to add a profile, I could do something like: <agent_config profile="webserver"> <localfile> <log_format>apache</log_format> <location>/var/log/apache/error_log</location> </localfile> </agent_config> Then set the following in the ossec.conf on the agents I want to use this profile: <client> <config-profile>webserver</config-profile> </client> > Thank you again !! > Chuck > > On Friday, January 5, 2018 at 10:14:08 AM UTC-5, charle...@decisivedge.com > wrote: >> >> Hello All >> >> I have a simple question and excuse me cause I am a NOOB with OSSEC. >> >> My question is about centralized agent Configuration. >> >> 1. Can you use a wild card for the agent name in the agent.conf ? >> >> 2. Why is this needed in the agent.conf file >> <location>/var/log/my.log2</location> >> >> 3. How do you designate the correct agent.conf file to use for the >> different type of servers, I am all linux shop but I am looking at >> monitoring directories for my DB's and Webservers. >> >> I have not been able to find and get a grasp on this. >> >> Any help would be great !! >> >> Thanks >> Chuck > > > ________________________________ > > This email and any files transmitted with it are considered privileged and > confidential unless otherwise explicitly stated otherwise. If you are not > the intended recipient you are notified that disclosing, copying, > distributing or taking any action in reliance on the contents of this > information is strictly prohibited. All email data and contents may be > monitored to ensure that their use is authorized, for management of the > system, to facilitate protection against unauthorized use, and to verify > security procedures, survivability and operational security. Under no > circumstance should the user of this email have an expectation of privacy > for this correspondence. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.