Hi Dj,

On Tue, Feb 22, 2011 at 4:11 PM, Dj <[email protected]> wrote:
> I am trying to use the agent.conf on the server to push out client
> specific rules for each of my hosts. I am specifically looking at
> configuring specific realtime integrity checking for directories. I
> have configured the agent.conf file as:
>
> <agent_config name="system1">
> <localfile>

The <localfile> and </localfile> tags are misplaced. They expect a logfile and format (<log_format>, <location>). <localfile> is for monitoring a log file, and doesn't relate to syscheck.

> <syscheck>
> <directories realtime="yes" check_all="yes">D:\TEST</directories>
> </syscheck>
> </localfile>
> </agent_config>
>
> <agent_config name="system2">
> <localfile>
> <syscheck>
> <directories realtime="yes" check_all="yes">D:\TEST2</directories>
> </syscheck>
> </localfile>
> </agent_config>
>
> The shared agent.conf file is successfully updated on the client
> machines, but I do not see any indication that these directories are
> being monitored correctly. If I place the realtime
> <directories></directories> tags directly in the ossec.conf files on
> the hosts, I can see the ossec.log file indicate the monitoring, but
> the current agent.conf configuration does not seem to be working. I
> have verified that the agent name is correct.
>
> Have I implemented the agent.conf parameters correctly?
> Should I see the ossec.conf file be updated with the values in the
> shared agent.conf?
>
> Thanks in advance...
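
A small pre-deployment check for the nesting problem described in the reply, added here as an example; it is not part of the original message or of OSSEC. The function name, the sample strings, and the assumption that the corrected layout is simply the posted one without the <localfile> wrapper are mine.

```python
import xml.etree.ElementTree as ET

# Children the reply says a <localfile> block expects.
LOCALFILE_EXPECTS = {"log_format", "location"}

def lint_agent_conf(text):
    """Return (findings, monitored) for the text of an agent.conf.

    monitored maps each agent name to the syscheck directories that sit
    directly under its <agent_config> block.
    """
    # agent.conf holds several top-level <agent_config> blocks, so wrap
    # them in a synthetic root to parse the file as one XML document.
    root = ET.fromstring("<root>" + text + "</root>")
    findings, monitored = [], {}
    for cfg in root.findall("agent_config"):
        name = cfg.get("name", "(no name attribute)")
        for lf in cfg.iter("localfile"):
            missing = LOCALFILE_EXPECTS - {child.tag for child in lf}
            if missing:
                findings.append(f"{name}: <localfile> lacks {sorted(missing)}")
            if lf.find(".//syscheck") is not None:
                findings.append(f"{name}: <syscheck> nested inside <localfile>")
        monitored[name] = [d.text.strip()
                           for d in cfg.findall("syscheck/directories") if d.text]
    return findings, monitored

# Constructed samples: the layout from the quoted message, then the same
# block with the <localfile> wrapper removed (assumed corrected layout).
POSTED = r"""
<agent_config name="system1">
  <localfile>
    <syscheck>
      <directories realtime="yes" check_all="yes">D:\TEST</directories>
    </syscheck>
  </localfile>
</agent_config>
"""
FIXED = r"""
<agent_config name="system1">
  <syscheck>
    <directories realtime="yes" check_all="yes">D:\TEST</directories>
  </syscheck>
</agent_config>
"""

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("fixed", FIXED)):
        print(label, *lint_agent_conf(conf), sep="\n  ")
```

Running it against the shared agent.conf on the server before pushing shows which agents end up with no syscheck directories at the level where they are read.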
