What settings from the OSSEC server's etc/ossec.conf file are used to
on the clients? For example I've defined rules and active responses
on my server, and they are working fine, but what about <localfile>
items? Is there a way to centrally define what local files an agent
should be checking, or would this be the case where something like
Puppet comes into play? I have this on my server, and it works, but
just realized I probably need to push this to my clients,
<localfile>
<log_format>syslog</log_format>
<location>/var/ossec/logs/active-responses.log</location>
</localfile>
Thanks
- Trey
