/facepalm Thanks for the quick response. For some reason I was (mis) thinking the localfile was a tag related to the the agent's local system, but I should have known better...
I will give that a try and it will most likely resolve the issue. On Feb 22, 4:22 pm, "dan (ddp)" <[email protected]> wrote: > Hi Dj, > > On Tue, Feb 22, 2011 at 4:11 PM, Dj <[email protected]> wrote: > > I am trying to use the agent.conf on the server to push out client > > specific rules for each of my hosts. I am specifically looked at > > configuring specific realtime integrity checking for directories. I > > have configured the agent.conf file as: > > > <agent_config name="system1"> > > <localfile> > > The <localfile> and </localfile> tags are misplaced. They expect a > logfile and format (<log_format>, <location>). <localfile> is for > monitoring a log file, and doesn't relate to syscheck. > > > <syscheck> > > <directories realtime="yes" check_all="yes">D:\TEST</directories> > > </syscheck> > > </localfile> > > </agent_config> > > > <agent_config name="system2"> > > <localfile> > > <syscheck> > > <directories realtime="yes" check_all="yes">D:\TEST2</directories> > > </syscheck> > > </localfile> > > </agent_config> > > > The shared agent.conf file is successfully updated on the client > > machines, but i do not see any indication that these directories are > > being monitored correctly. If I place the realtime <directories></ > > directories> tags directly in the ossec.conf files on the hosts, I can > > see the ossec.log file indicate the monitoring, but the current > > agent.conf configuration does not seem to be working. I have verified > > that the agent name is correct. > > > Have I implemented the agent.conf parameters correctly? > > Should I see the ossec.conf file be updated with the values in the > > shared agent.conf? > > > Thanks in advance...
