I am trying to use the agent.conf on the server to push out client-specific rules for each of my hosts. I am specifically looking at configuring specific realtime integrity checking for directories. I have configured the agent.conf file as:

<agent_config name="system1">
  <localfile>
    <syscheck>
      <directories realtime="yes" check_all="yes">D:\TEST</directories>
    </syscheck>
  </localfile>
</agent_config>

<agent_config name="system2">
  <localfile>
    <syscheck>
      <directories realtime="yes" check_all="yes">D:\TEST2</directories>
    </syscheck>
  </localfile>
</agent_config>

The shared agent.conf file is successfully updated on the client machines, but I do not see any indication that these directories are being monitored correctly. If I place the realtime <directories></directories> tags directly in the ossec.conf files on the hosts, I can see the ossec.log file indicate the monitoring, but the current agent.conf configuration does not seem to be working. I have verified that the agent name is correct.

Have I implemented the agent.conf parameters correctly? Should I see the ossec.conf file be updated with the values in the shared agent.conf?

Thanks in advance...
