Good Day Guys, I am planning to put everything in a central location, and I started reading http://www.ossec.net/main/manual/centralized-config/ This document is quite confusing to me. Let me explain my requirement.
We have many distros in our network (Ubuntu/Red Hat/Gentoo, etc.); also, a few are high-end servers and a few are low-end. So, according to that, I want to manage them centrally. I want to change the syscheck scan time frequency etc. to be different on low-end and high-end servers. I want to disable active response on my iptables firewall server, etc. So how should I maintain all the different agent requirements in a central location?

In the above document they are saying <agent_config name="agent1|agent2">. What does this mean? Is this my hostname or my actual agent name which I configured in OSSEC? And how do I disable active response on a specific agent? Do I need to add the disable option in agents.conf or in the individual agent's ossec.conf file? If anybody has example files, please post them; I will appreciate your great help.

-Satish
