I was able to restart the ossec agent on a Windows host a few minutes ago.
On the ossec server, in the ossec.conf I added:

  <command>
    <name>win-null-route</name>
    <executable>route-null.cmd</executable>
    <expect>srcip</expect>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <command>
    <name>win-restart-ossec</name>
    <executable>restart-ossec.cmd</executable>
    <expect></expect>
  </command>

  <active-response>
    <command>win-null-route</command>
    <location>defined-agent</location>
    <agent_id>012</agent_id>
    <level>15</level>
    <timeout>60</timeout>
  </active-response>

I haven't looked at the route-null.cmd script to see what it does yet,
so I don't know how to check if that worked or not.
But I saw no errors in the ossec.log on the Windows agent (no tail -f
made this less than fun).
