Isn't this kind of cluster issue usually handled by mounting shared
storage. That way each server is monitoring local resources but writing
to the same ossec log.
On 12/15/2010 02:15 PM, carlopmart wrote:
On 12/15/2010 08:10 PM, dan (ddp) wrote:
On Wed, Dec 15, 2010 at 1:38 PM, carlopmart<[email protected]>
wrote:
On 12/15/2010 07:14 PM, [email protected] wrote:
And the answer is E
But I did remove some functionality from the server side
I'm writhing a doc on it for the deployment team But basicali remove
In ossec.conf the services you don’t want doubled up
But first I installed the server in /opt/ossec-server
Then did same install has agent in /opt/opt/ossec-agent
Next started the server
Then added the agent using mange agent on the server side
Up t'il now no conflicts some tweaking of of the conf file
To remove or add functionality
But all this is in test mode to see if ossec will meet the
Requirements of the Torquemada of this world(corp. security)
Good luck
Dan
Thanks Dan.
I have installed ossec as a server disabling rootchek, syscheck
and active
response. But when I launch ossec init script syscheckd is started.
How can
I prevent to start syscheckd??
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
I think, in the syscheck section, you can add
<disabled>yes</disabled>. I don't see it in the documentation, but I
see references in the source to it (which I can't dig into very much).
I kind of remember there being a similar optionf or rootcheck.
I have tried it, and doesn't works. Syscheckd is started ...
--
R. Loyd Darby, OSSIM-OCSE
Project Manager DOC/NOAA/NMFS
Infrastructure coordinator
Southeast Fisheries Science Center
305-361-4297
