Look like my managment server pushed agent.conf to client after restart agent i got follwoing error "No file configured to monitor" I did specify each and every log files in agents.conf
Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)... Started ossec-execd... Started ossec-agentd... 2011/03/03 09:30:38 ossec-logcollector(1905): INFO: No file configured to monitor. Started ossec-logcollector... 2011/03/03 09:30:38 ossec-syscheckd(1702): INFO: No directory provided for syscheck to monitor. 2011/03/03 09:30:38 ossec-syscheckd: WARN: Syscheck disabled. Started ossec-syscheckd... Completed. On Thu, Mar 3, 2011 at 12:04 PM, satish patel <[email protected]> wrote: > This boy did a great job in documentation of centralized > configuration. We would like this kind of doc on ossec.net website. > > http://blog.godshell.com/blog/archives/274-WoO-Day-3-Meet-the-agent.htmla > > > On Thu, Mar 3, 2011 at 11:52 AM, satish patel <[email protected]> wrote: >> Added: This document need to specify which side its talking about >> client/server (agent/manager) >> http://www.ossec.net/main/manual/centralized-config/ >> >> There is no keyword regarding this is agents side config or manager side ? >> >> -Satish >> >> >> >> >> On Thu, Mar 3, 2011 at 11:35 AM, satish patel <[email protected]> wrote: >>> I have 2.5.1 latest >>> >>> on Server /var/ossec/etc/shared/agents.conf right ? >>> >>> what configuration file on agents ? >>> >>> >>> Do you have example one? >>> >>> >>> On Thu, Mar 3, 2011 at 11:22 AM, carlopmart <[email protected]> wrote: >>>> On 03/03/2011 05:09 PM, satish patel wrote: >>>> >>>>> >>>>> We have many distro in our network ubuntu/redhat/gentoo etc.. also few >>>>> are high end servers and few are low end. so according that i want to >>>>> manage them centralized I want to change syscheck scan time frequency >>>>> etc.. different on low and high end servers. I want to disable active >>>>> response on my iptable firewall server etc.. so how should i maintain >>>>> all different different agent requirement in central location ? >>>>> >>>>> In above document they are saying<agent_config name=”agent1|agent2″> >>>>> what is this means ? is this my hostname or my agent actual name >>>>> which i configured in OSSEC ? >>>> >>>> It is your agent's name. One tip: use of <agent_config >>>> name=”agent1|agent2″> >>>> doesn't works, at least at 2.5.1. You need to create an agent config for >>>> every agent you like to administer. >>>> >>>>> >>>>> And how to disable active response on specific agent ? do i need to >>>>> add disable option in agents.conf or individual agents ossec.conf file >>>>> ? >>>>> >>>> >>>> using centralized configuration, only in agents.conf. >>>> >>>>> anybody has example files please post me i will appreciate your great help >>>>> >>>>> -Satish >>>> >>>> >>>> -- >>>> CL Martinez >>>> carlopmart {at} gmail {d0t} com >>>> >>> >> >
