On Fri, Sep 20, 2019 at 4:42 AM Hardik Joshi <joshi4...@gmail.com> wrote:
>
> I want to enable email alert for file created, modified, deleted with example.
>
For syscheck, I think it's something like:

On the server:
<syscheck>
  <alert_new_files>yes</alert_new_files>
</syscheck>

On an agent:
<syscheck>
  <directories check_all="yes" realtime="yes">/path/to/directory</directories>
</syscheck>

If you don't want to auto ignore files after 3 changes, disable the
auto_ignore option to the server.
<syscheck>
  ...
  <auto_ignore>no</auto_ignore>
</syscheck>

Emailing syscheck alerts should already work out of the box (assuming
emailing alerts works).

> Thanks
> Hardik Joshi
> 8511113164
>
>
> On Wed, Sep 18, 2019 at 5:16 PM dan (ddp) <ddp...@gmail.com> wrote:
>>
>> On Wed, Sep 11, 2019 at 7:21 AM Hardik Joshi <joshi4...@gmail.com> wrote:
>> >
>> > Hi,
>> >
>> > I want to windows file monitoring on every server, can you please help me
>> > how to do this? with example please.
>> >
>>
>> syscheck is enabled by default on Windows systems.
>> What changes are you looking to make to the configuration?
>>
>> > Thanks
>> > Hardik Joshi
>> > 8511113164
>> >
>> >
>> > On Thu, Jul 11, 2019 at 4:35 PM dan (ddp) <ddp...@gmail.com> wrote:
>> >>
>> >> On Thu, Jul 11, 2019 at 2:12 AM Hardik Joshi <joshi4...@gmail.com> wrote:
>> >> >
>> >> > Thanks for information.
>> >> >
>> >> > I am unable to find agent.conf file in /var/ossec/etc/shared
>> >> > folder. Can you pls provide exact details how to create and configure.
>> >> >
>> >>
>> >> The documentation we currently have for this is pretty sparse.
>> >>
>> >> Use your favorite text editor to create the file on the OSSEC server.
>> >> In that file start with:
>> >>
>> >> <agent_config>
>> >> </agent_config>
>> >>
>> >> Between those 2 lines, enter your configuration.
>> >> For example, to add `/var/test` to the syscheck configuration of all
>> >> agents, use:
>> >>
>> >> <agent_config>
>> >>   <syscheck>
>> >>     <directories check_all="yes">/var/test</directories>
>> >>   </syscheck>
>> >> </agent_config>
>> >>
>> >> Multiple "<agent_config>" blocks can be included in a single agent.conf.
>> >> When the agent.conf is modified, the agent's ossec processes will have
>> >> to be restarted for it to take effect.
>> >>
>> >> To limit which agents the configuration applies to, you can add
>> >> modifiers to the agent_config line.
>> >> There is "os," "name," and "profile" available.
>> >>
>> >> "os" defines the operating system of the agents the configuration will
>> >> apply on. For example you can use "Windows" or "Linux":
>> >> <agent_config os="Windows">
>> >>
>> >> "name" is the name of an agent. If you want the configuration block to
>> >> apply to a specific agent, use this option.
>> >> <agent_config name="agent007">
>> >>
>> >> "profile" is a descriptive term that you can use to group agents. The
>> >> agent "subscribes" to the profile in its ossec.conf.
>> >> I haven't used this option in years, so I don't remember how to use it
>> >> off hand.
>> >>
>> >>
>> >> > Thanks
>> >> > Hardik Joshi
>> >> >
>> >> >
>> >>
>> >> Hope this helps. Feel free to watch this space for further updates:
>> >> https://ossec-documentation.readthedocs.io/en/latest/configuration/agent_conf.html
>> >>
>> >> --
>> >>
>> >> ---
>> >> You received this message because you are subscribed to the Google Groups
>> >> "ossec-list" group.
>> >> To unsubscribe from this group and stop receiving emails from it, send an
>> >> email to ossec-list+unsubscr...@googlegroups.com.
>> >> To view this discussion on the web visit
>> >> https://groups.google.com/d/msgid/ossec-list/CAMyQvMpvgO9ts1LDQMBNAMYZDM4vbfCxzXcc%2BvaCyeADfP_HoQ%40mail.gmail.com.
>> >> For more options, visit https://groups.google.com/d/optout.
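
Added example, not part of the thread and not OSSEC code: a small Python check that reads an agent.conf with several <agent_config> blocks and reports which syscheck directories a given agent would pick up, and whether each is monitored in realtime. The sample file is constructed from the snippets quoted above (the Windows path is made up), the function names are hypothetical, and the matching of "os" and "name" as case-insensitive substrings is a simplifying assumption, not OSSEC's exact behaviour.

```python
import xml.etree.ElementTree as ET

# Constructed sample agent.conf assembled from the snippets in this thread;
# the Windows path is made up for illustration.
SAMPLE_AGENT_CONF = r"""
<agent_config>
  <syscheck><directories check_all="yes">/var/test</directories></syscheck>
</agent_config>
<agent_config os="Windows">
  <syscheck>
    <directories check_all="yes" realtime="yes">C:\inetpub\wwwroot</directories>
  </syscheck>
</agent_config>
<agent_config name="agent007">
  <syscheck>
    <directories check_all="yes" realtime="yes">/etc,/usr/local/etc</directories>
  </syscheck>
</agent_config>
"""

def parse_blocks(text):
    """Return [(filters, [(path, realtime), ...]), ...], one entry per block."""
    # agent.conf may hold several top-level <agent_config> blocks, so it is
    # not single-rooted XML; wrap it in a dummy root before parsing.
    root = ET.fromstring("<wrapper>" + text + "</wrapper>")
    blocks = []
    for block in root.findall("agent_config"):
        dirs = []
        for d in block.findall("./syscheck/directories"):
            realtime = d.get("realtime") == "yes"
            # One <directories> element can list several comma-separated paths.
            dirs += [(p.strip(), realtime) for p in (d.text or "").split(",") if p.strip()]
        blocks.append((dict(block.attrib), dirs))
    return blocks

def directories_for(text, agent_name, agent_os):
    """Map path -> realtime flag for one agent (simplified matching model)."""
    result = {}
    for filters, dirs in parse_blocks(text):
        # Assumption: "os" and "name" match as case-insensitive substrings;
        # blocks carrying a "profile" filter are skipped, not evaluated.
        if "profile" in filters:
            continue
        if (filters.get("os", "").lower() not in agent_os.lower()
                or filters.get("name", "").lower() not in agent_name.lower()):
            continue
        for path, realtime in dirs:
            result[path] = result.get(path, False) or realtime
    return result
```

Directories that come back with a False flag are only compared on the periodic syscheck scan, so changes to them are reported later than changes to realtime paths.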