Hi,
I'm looking for some help troubleshooting a central agent
configuration. I've followed the
instructions as per http://www.ossec.net/main/manual/centralized-config
but my
updated syscheck stanza doesn't seem to result in changes in /home/
username
being alerted.
/opt/ossec/etc/shared/agent.conf as below, client checksums confirm
they
got the config.
<agent_config>
<syscheck>
<frequency>3700</frequency>
<directories check_all="yes" realtime="yes">/home/username</
directories>
<!-- Directories to check (perform all possible verifications) --
>
<directories check_all="yes" realtime="yes">/etc,/usr/bin,/usr/
sbin</directories>
<directories check_all="yes" realtime="yes">/bin,/sbin</
directories>
</syscheck>
</agent_config>
Regards,
Mark
