On 07/14/2010 07:54 PM, Jeremy Rossi wrote:
> Good plan how I ran most of my agents.

Oh good, I must be on the right track then.. Right now I'm tuning the basic integrity sensor stuff and waiting for my OSSEC book to arrive in the mail so I can dig in deeper..

> decoders.xml are only used at the central ossec server. This is where
> logs are parsed and cut and worked with.

So are logs sent from the clients to the server then? That seems .. chatty, no?

> rootkit files should be in /var/ossec/etc/etc/share/ anything in that
> dir is sent to agents for you so you will not need to sync them
> yourself. Just note changes take time.

Do changes to these files (not agent.conf) also require a restart of the remote agent?

--
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
