Hi everyone,

I have some more questions about OSSEC (which I am trying to deploy on 14 servers in a complex network).

Now that the configuration files seem to be correctly parsed (that was another subject), I don't receive alert emails any more...? So here are my questions:

- How can I be sure that agents connect to the OSSEC Server? (Forget sniffers like Ethereal, that's forbidden.)
- The checked localfiles change every day (with "%Y-%m-%d"). Does the OSSEC Agent re-read (or re-parse) the conf file as needed (so, in my case, every day)?
- If a localfile to check doesn't exist one day, but exists the next day, will OSSEC check it, or should the OSSEC Agent be restarted?
- In the Server conf file, what is the most "noisy" severity level: 1 or 16? I would say "16", like syslog severity level, but would like to be sure.

Many thanks!

Fred
