Hello, we intend to implement OSSEC soon. Unfortunately we are not yet familiar at all with OSSEC but would appreciate the possibility to "baseline" a virgin WXP-installation (even OSSEC server is not yet running/installed).
As I understand ossec-agent-win32-1.5 cannot be installed without a running server... I could imagine - even it would be quite time consuming - the following approach: - installing the OSSEC server - restore a system-image/backup of the virgin WXP clients - install ossec-agent-win32-1.5 - restore the lastest WXP-client Backup-image (current user environment) - install ossec-agent-win32-1.5 - have OSSEC server detected all changes (between original WXP environment and current WXP environmnet) Question: Is this approach a good idea, or what would you suggest? Thank's a lot for any feedback! John
