I don't know how it is determined by OSSEC, but you can see what OS is running on an agent by running /var/ossec/bin/agent_control -i [agent id]. It will among other information output the agent's OS.
On Mon, Mar 8, 2010 at 2:59 PM, Jason <[email protected]> wrote:
> I have a question about the centralized agent config.
>
> http://www.ossec.net/main/manual/centralized-config/
>
> I have tested the agent.conf on with agent name and os fields. It
> appears to function with the agent name field very well. Not having
> good results with the os variable.
>
> How do I find the os variable used for each os type?
> How is the OS type determined?
>
>
> <agent_config os="Linux">
>   <localfile>
>     <log_format>syslog</log_format>
>     <location>/var/log/my.log2</location>
>   </localfile>
> </agent_config>
>
