Thanks for the reply... 1/ So does this mean the ossec.conf file on the agent isn't used. The agent takes the ossec configuration from the server's agent.conf file or defaults to using the servers ossec.conf file??? Could somebody please explain this to me.
2/ What I'm trying to implement is a global whitelist for all agents so I don't have to manually edit each agent's ossec.conf file whenever a whitelist entry needs to be added/removed. Can the whitelist be pushed from the server to all agents??? Thanks. Andy
