Hi All, I'm looking at the server/agent model and have a few questions.
"We allow centralized configuration for file integrity checking (syscheckd), rootkit detection (rootcheck) and log analysis." Does this mean that all other agent config like whitelist, active response config, alert levels, and other related config in the ossec.conf still have to be set on the agent? Same with any local_rules.xml, these still need to be defined on the agent. Cheers. Andy -- Subscription settings: http://groups.google.com/group/ossec-list/subscribe?hl=en
