The agents forward the logs to the server, and the server decodes them. The rule files don't exist on the agent, and I think all configurations that you mentioned exist only on the server.
Sent from my Nokia phone

-----Original Message-----
From: [email protected]
Sent: 04/27/2010 4:21:34 AM
Subject: [ossec-list] Questions about Server/Agent Setup

Hi All,

I'm looking at the server/agent model and have a few questions.

"We allow centralized configuration for file integrity checking (syscheckd), rootkit detection (rootcheck) and log analysis."

Does this mean that all other agent config like whitelist, active response config, alert levels, and other related config in the ossec.conf still have to be set on the agent? Same with any local_rules.xml, these still need to be defined on the agent.

Cheers.
Andy
