-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello,
actually I find this to be one of the most commonly confused aspects of OSSEC. In default configuration clients will scan the log files according to their local configuration, however, each log entry is zipped, encrypted and sent to the server for rule matching and alerting. For a great overview refer to the AusCert 2007 presentation at http://www.ossec.net/ossec-docs/auscert-2007-dcid.pdf. Justin C. Klein Keane Sr. Information Security Specialist Information Security and Unix Systems University of Pennsylvania School of Arts and Sciences 3600 Market St. Room 520 Philadelphia, PA 19104 215.898.0236(p) 215.573.3166(f) Nate Schmoll wrote: > > Please review the web site and manual before posting. > > http://www.ossec.net/main/manual/centralized-config/ > > > On Tue, 27 Oct 2009 10:00:19 -0700 (PDT), Al Cloman <[email protected]> > wrote: >> I have deployed a server with agents. >> >> 1. Does the ossec.conf on the host control all the agents (ie. what >> files to look at, how frequent to scan, what to ignore, where to >> email) >> 1A. If the agents are controlled how do I force them to take the >> rules from the host ossec.conf >> 1B If NO, is there anyway I can get them to read one ossec.conf >> >> 2. What is the best soultion to have them reading one ossec.conf > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org iEYEARECAAYFAkroW5QACgkQR4a3EW2yjlR66gCfU5NARIfwKhqWv91DhAkJBglH rOoAnjpRxzSdI8Vltenp8IU0H4RJVCAS =xBAQ -----END PGP SIGNATURE-----
