Resolved, typo error in agent.conf at server
On Thu, Mar 3, 2011 at 12:30 PM, satish patel <[email protected]> wrote:
> Looks like my management server pushed agent.conf to the client. After
> restarting the agent I got the following error: "No file configured to monitor". I
> did specify each and every log file in agents.conf
>
> Starting OSSEC HIDS v2.5.1 (by Trend Micro Inc.)...
> Started ossec-execd...
> Started ossec-agentd...
> 2011/03/03 09:30:38 ossec-logcollector(1905): INFO: No file configured
> to monitor.
> Started ossec-logcollector...
> 2011/03/03 09:30:38 ossec-syscheckd(1702): INFO: No directory provided
> for syscheck to monitor.
> 2011/03/03 09:30:38 ossec-syscheckd: WARN: Syscheck disabled.
> Started ossec-syscheckd...
> Completed.
>
> On Thu, Mar 3, 2011 at 12:04 PM, satish patel <[email protected]> wrote:
>> This boy did a great job in documentation of centralized
>> configuration. We would like this kind of doc on the ossec.net website.
>>
>> http://blog.godshell.com/blog/archives/274-WoO-Day-3-Meet-the-agent.htmla
>>
>>
>> On Thu, Mar 3, 2011 at 11:52 AM, satish patel <[email protected]> wrote:
>>> Added: This document needs to specify which side it's talking about,
>>> client/server (agent/manager)
>>> http://www.ossec.net/main/manual/centralized-config/
>>>
>>> There is no keyword saying whether this is agent-side or manager-side config?
>>>
>>> -Satish
>>>
>>>
>>> On Thu, Mar 3, 2011 at 11:35 AM, satish patel <[email protected]> wrote:
>>>> I have 2.5.1, the latest
>>>>
>>>> On the server, /var/ossec/etc/shared/agents.conf, right?
>>>>
>>>> What configuration file on the agents?
>>>>
>>>>
>>>> Do you have an example one?
>>>>
>>>>
>>>> On Thu, Mar 3, 2011 at 11:22 AM, carlopmart <[email protected]> wrote:
>>>>> On 03/03/2011 05:09 PM, satish patel wrote:
>>>>>
>>>>>>
>>>>>> We have many distros in our network (ubuntu/redhat/gentoo etc.), also a few
>>>>>> are high-end servers and a few are low-end, so according to that I want to
>>>>>> manage them centrally. I want to change syscheck scan time frequency etc.
>>>>>> differently on low- and high-end servers. I want to disable active
>>>>>> response on my iptable firewall server etc., so how should I maintain
>>>>>> all the different agent requirements in a central location?
>>>>>>
>>>>>> In the above document they are saying <agent_config name=”agent1|agent2″>.
>>>>>> What does this mean? Is this my hostname or my actual agent name
>>>>>> which I configured in OSSEC?
>>>>>
>>>>> It is your agent's name. One tip: use of <agent_config
>>>>> name=”agent1|agent2″>
>>>>> doesn't work, at least at 2.5.1. You need to create an agent config for
>>>>> every agent you would like to administer.
>>>>>
>>>>>>
>>>>>> And how to disable active response on a specific agent? Do I need to
>>>>>> add a disable option in agents.conf or in the individual agent's ossec.conf file?
>>>>>>
>>>>>
>>>>> Using centralized configuration, only in agents.conf.
>>>>>
>>>>>> If anybody has example files please post them to me; I will appreciate your great
>>>>>> help
>>>>>>
>>>>>> -Satish
>>>>>
>>>>>
>>>>> --
>>>>> CL Martinez
>>>>> carlopmart {at} gmail {d0t} com
>>>>>
>>>>
>>>
>>
>
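
An added example, not part of the thread or of OSSEC itself: a small lint for catching typos in the manager's shared agent.conf before agents pull it. It flags typographic quotes and blocks that are not well-formed XML, notes pipe-separated names (reported above as not working on 2.5.1), and lists what each parsed block monitors; the sample config and agent names are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a manager-side shared agent.conf (agent names are made up).
# Block 2 carries typographic quotes (U+201D, U+2033) as in the tag quoted above.
SAMPLE = (
    '<agent_config name="web01">\n'
    '  <localfile>\n'
    '    <log_format>syslog</log_format>\n'
    '    <location>/var/log/messages</location>\n'
    '  </localfile>\n'
    '</agent_config>\n'
    '<agent_config name=\u201ddb01|db02\u2033>\n'
    '  <syscheck><directories>/etc</directories></syscheck>\n'
    '</agent_config>\n'
    '<agent_config name="fw01|fw02">\n'
    '  <syscheck><frequency>7200</frequency></syscheck>\n'
    '</agent_config>\n'
)

BLOCK = re.compile(r"<agent_config\b.*?</agent_config>", re.S)
TYPOGRAPHIC = "\u2018\u2019\u201c\u201d\u2032\u2033"

def lint_agent_conf(text):
    """Return (findings, summary): findings are (block_no, message) pairs,
    summary maps each parsed name attribute to what that block monitors."""
    findings, summary = [], {}
    for number, match in enumerate(BLOCK.finditer(text), 1):
        block = match.group(0)
        opening_tag = block[: block.index(">") + 1]
        if any(ch in opening_tag for ch in TYPOGRAPHIC):
            findings.append((number, "typographic quote in <agent_config> tag"))
        try:
            root = ET.fromstring(block)
        except ET.ParseError as exc:
            findings.append((number, f"not well-formed XML: {exc}"))
            continue
        name = root.get("name", "")
        if "|" in name:
            findings.append((number, "pipe-separated names in one block"))
        summary[name] = {
            "localfile": [e.findtext("location") for e in root.iter("localfile")],
            "directories": [e.text for e in root.iter("directories")],
        }
    return findings, summary

if __name__ == "__main__":
    for number, message in lint_agent_conf(SAMPLE)[0]:
        print(f"block {number}: {message}")
```

A block that fails to parse is left out of the summary, so an agent name missing from it is the first thing to check when that agent reports nothing to monitor.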
