Hi all,

I'm a bit confused by the centralized remote agent configuration. I
set up each remote agent with an ossec.conf file containing only the IP
of the ossec server. On the server, I have an agent.conf file with all
of the information for my clients (syscheck, rootcheck, active-response,
and localfiles).

Whenever I make a change to the agent.conf, I have to wait for the file
to be synchronized out to the agents. This apparently takes forever and
a day to happen. I think this becomes the merged.mg file on the remote,
correct? If so, it took about 3.5 hours for the last change to push
out. Once it's there, I have to reload the remote agent to activate the
new changes.

My confusion is with both the agent.conf and the remote agent itself.
First, are all of the directives I'm using in the agent.conf valid for
remote agents? I.e., should I be using localfile directives or something
else? How should I be specifying the rootcheck files? Those files
exist on my remotes, but I see the following in the remote agent ossec.log:

2010/07/22 15:29:32 ossec-rootcheck: No rootcheck_files file configured.
2010/07/22 15:29:32 ossec-rootcheck: No rootcheck_trojans file configured.

Why is it not seeing the rootcheck information?

Finally, if I restart a remote agent, either via the server, locally on
the machine, or through rebooting the machine, how long does it take to
sync with the server and re-start using the agent.conf I've configured
from the server? Will it use the local merged.mg file automatically?

Thanks,
--
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law