Hi Marc,
Your second request has been done. If you try the latest snapshot version you will see that the agent now establishes a connection with the server and keeps track of the server availability (and the server does the same with all agents). The files are available at: http://www.ossec.net/files/snapshots/ *btw, did you solve your file integrity issue? Thanks, -- Daniel B. Cid dcid ( at ) ossec.net On 8/25/06, marc bayerkohler <[EMAIL PROTECTED]> wrote:
GREAT SOFTWARE First, thanks for publishing this software. the OSSEC HIDS project looks great so far. It fills a serious need. I do PCI (payment card industry) consulting, and every client needs to have a centralized log server and file integrity solution. The windows/unix ability is perfect. This could save people a lot of money and get used. Also, the installation was really fast. QUESTION I really want to get the file integrity working on windows. I have it configured to do so, but i am not seeing the FIM (file integrity monitoring) alerts on the server. I am getting the windows event log alerts on the server. I have stopped and started the agent a few times, i see it reading all the files. and i changed some files to trigger an alert, but havent seen anything. COMMENTS I scanned the install docs. fyi, one issue i ran into, the server didn't seem to be set up to accept remote connections by default (good) but that wasn't mentioned as an install step to add the <port>1514</port> line to the server's config. a local alerts log on the windows agent would be good. also, it would be cool if the windows agent log could somehow log if the alerts aren't getting through to the server. -- marc
