On 12/15/2010 08:51 PM, dan (ddp) wrote:
> I think, in the syscheck section, you can add
> <disabled>yes</disabled>. I don't see it in the documentation, but I
> see references in the source to it (which I can't dig into very much).
> I kind of remember there being a similar option for rootcheck.
I have tried it, and it doesn't work. Syscheckd is started ...
--
CL Martinez
carlopmart {at} gmail {d0t} com
But does it do anything? If the process runs but doesn't do anything
does it matter that it runs?
You can also stop it from running by modifying the ossec-control
script. It's an easy little hack.
Maybe easier to install ossec as a server on both hosts and then use a load balancer
without using NAT to connect the agents ... This should work, right??
Afterwards I can use Splunk to consolidate all ossec logs ...
--
CL Martinez
carlopmart {at} gmail {d0t} com