Thanks for information. I am unable to found agent.conf file in /var/ossec/etc/shared folder. can you pls provide exact details how to create and configure.
Thanks Hardik Joshi On Wed, Jul 10, 2019 at 7:15 PM dan (ddp) <ddp...@gmail.com> wrote: > On Tue, Jul 9, 2019 at 2:33 AM Hardik Joshi <joshi4...@gmail.com> wrote: > > > > Thanks for the information. > > > > i need to provide details in every agent configuration file? > > > > Either the ossec.conf file on each agent, or agent.conf on the server. > agent.conf is in /var/ossec/etc/shared, and (lazily) gets distributed > to each agent. > The OSSEC processes on the agents need to be restarted if the > agent.conf changes. > > > how can i enable email alert for that? > > > > Email alerts for syscheck events should be enabled by default. > The auto ignore option could interfere with this (if a file changes > more than 3 times), as well as the maximum emails per hour. > > > Thanks > > Hardik Joshi > > 8866292445 > > > > > > On Tue, May 14, 2019 at 4:29 PM dan (ddp) <ddp...@gmail.com> wrote: > >> > >> On Tue, May 14, 2019 at 5:55 AM Hardik Joshi <joshi4...@gmail.com> > wrote: > >> > > >> > i am new on ossec, can someone provide how to configure file > integrity . rules where to configure for that. complete procedure. > >> > > >> > >> It should be enabled on every system we currently support by default. > >> Is there something you're having trouble with specifically? > >> This is the syntax for adding or changing things in the ossec.conf: > >> https://www.ossec.net/docs/syntax/head_ossec_config.syscheck.html > >> > >> > -- > >> > > >> > --- > >> > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > >> > To unsubscribe from this group and stop receiving emails from it, > send an email to ossec-list+unsubscr...@googlegroups.com. > >> > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/f7b58a7d-1b6f-4cff-9314-57b7a066c985%40googlegroups.com > . > >> > For more options, visit https://groups.google.com/d/optout. > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups "ossec-list" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an email to ossec-list+unsubscr...@googlegroups.com. > >> To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/CAMyQvMokHYeCOevf-CW%3DBn5j7UuPSW0FMTYT_Yn6z4vtd6Btww%40mail.gmail.com > . > >> For more options, visit https://groups.google.com/d/optout. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to ossec-list+unsubscr...@googlegroups.com. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/CAFjM2gOMYk-TCcu9MSn3mw%3DZQuVYdakh6G3EEZnKsXi2%2BuvBGA%40mail.gmail.com > . > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/CAMyQvMr-L2ejQ12oRNar1hzJv1dNs-HV%2BCnZES0_kfJzP4NHGw%40mail.gmail.com > . > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAFjM2gN-S8QbM84ehwUtY2Sc1jKt6bCM41tgVsDZ-zBD3_eZ9w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
