What settings from the OSSEC server's etc/ossec.conf file are used to
on the clients?  For example I've defined rules and active responses
on my server, and they are working fine, but what about <localfile>
items?  Is there a way to centrally define what local files an agent
should be checking, or would this be the case where something like
Puppet comes into play?  I have this on my server, and it works, but
just realized I probably need to push this to my clients,


  <localfile>
    <log_format>syslog</log_format>
    <location>/var/ossec/logs/active-responses.log</location>
  </localfile>

Thanks
- Trey

Reply via email to