Just beginning to use OSSEC and going through a trial-and-error process setting up a configuration for an internal application. Searched for this before posting and ended up with more questions than answers.
https://groups.google.com/forum/#!msg/ossec-list/8P52JbzyOPg/pGGI-6_KrD0J;context-place=forum/ossec-list posed my question but the context leaves more questions:

I realize http://ossec-docs.readthedocs.io/en/latest/cookbooks/recipes/ar-agent-conf-restart.html is user contributed but its reference to restart-ossec.sh seems incomplete because there's no parameter and running restart-ossec.sh without parameters produces an error (on v 2.9.2).

Second, restart-ossec.sh appears to deal with updates to hosts.deny; did they just borrow the script?

Third, this URL restarts OSSEC on the manager but how does that cause a restart on the agents (which seems necessary to get agent.conf updated on them)?

Maybe answering an alternate question is more appropriate: if I need to update agent.conf, what are the steps I need to take to successfully propagate the change?

(These questions are coming from the bottom of https://ossec.github.io/docs/manual/syscheck/index.html since the situation seems similar.) Do the OSSEC manager's processes need to be stopped then restarted after clearing the agent's database and, following that, a syscheck scan launched on the agent?

Thanks for clearing up the confusion.