but this is only to generate the on sever but i need the copy this key on
the agent remotly
Best regards
On Fri, Nov 30, 2012 at 3:00 AM, rezgui mohamed rezgui...@gmail.com wrote:
but this is only to generate the on sever but i need the copy this key on
the agent remotly
Best regards
Why not use ossec-authd?
grep $IP_ADDRESS /var/ossec/etc/client.keys /tmp/$IP_ADRESS scp
/tmp/$IP_ADDRESS
I agree auto-registration a.k.a ossec-authd is the easiest way to get keys.
I already provided a puppet manifest using it in a previous post. With this
method, don't have to worry about scp/ftp/rsync keys between server and
clients.
On Fri, Nov 30, 2012 at 5:25 AM, dan (ddp) ddp...@gmail.com
Hello - Is there a way to have syscheck NOT perform pre-scan upon startup
if it had already created it's database in a previous run? Ideally, I
think I would like it to do a comparison to the existing database - but as
I have not found this question anywhere elseI suspect I am thinking of
Some of the out-of-the-box rules include an 'alert_by_email' option so that you
receive an e-mail regardless of the level chosen in your ossec.conf.
Reference:
http://www.ossec.net/doc/faq/alerts.html#i-set-the-email-alert-level-to-10-why-do-i-keep-seeing-rules-with-lower-levels
If the above