On Thu, Jul 11, 2019 at 2:12 AM Hardik Joshi <joshi4...@gmail.com> wrote:
>
> Thanks for information.
>
> I am unable to found agent.conf file in /var/ossec/etc/shared folder. can
> you pls provide exact details how to create and configure.
>
The documentation we currently have for this is pretty sparse.
Use your favorite text editor to create the file on the OSSEC server.
In that file start with:
<agent_config>
</agent_config>
Between those 2 lines, enter your configuration.
For example, to add `/var/test` to the syscheck configuration of all
agents, use:
<agent_config>
<syscheck>
<directories check_all="yes">/var/test</directories>
</syscheck>
</agent_config>
Multiple "<agent_config>" blocks can be included in a single agent.conf.
When the agent.conf is modified, the agent's ossec processes will have
to be restarted for it to take effect.
To limit which agents the configuration applies to, you can add
modifiers to the agent_config line.
There is "os," "name," and "profile" available.
"os" defines the operating system of the agents the configuration will
apply on. For example you can use "Windows" or "Linux":
<agent_config os="Windows">
"name" is the name of an agent. If you want the configuration block to
apply to a specific agent, use this option.
<agent_config name="agent007">
"profile" is a descriptive term that you can use to group agents. The
agent "subscribes" to the profile in its ossec.conf.
I haven't used this option in years, so I don't remember how to use it off hand.
> Thanks
> Hardik Joshi
>
>
Hope this helps. Feel free to watch this space for further updates:
https://ossec-documentation.readthedocs.io/en/latest/configuration/agent_conf.html
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ossec-list/CAMyQvMpvgO9ts1LDQMBNAMYZDM4vbfCxzXcc%2BvaCyeADfP_HoQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
