Hi everyone,

Continuing with my enhancements to support agent configuration profiles (see thread: http://groups.google.com/group/ossec-list/browse_thread/thread/28a76c8180e28a4b), I have added the feature that Jason Frisvold suggested, i.e. combining of profiles.

So now, in the agent.conf file, I can set up different profiles like

    <agent_conf profile="linux"> ..... </agent_conf>
    <agent_conf profile="solaris"> ..... </agent_conf>
    <agent_conf profile="oracle"> ..... </agent_conf>

And if I have 2 different agents - an oracle server on linux and an oracle server on solaris - all I need to do is set their config-profiles as

    Agent1: <config-profile>linux,oracle</config-profile>
    Agent2: <config-profile>solaris,oracle</config-profile>

The behaviour of the daemons is as follows:

1. syscheckd: The list of directories, registry entries to monitor and files/dirs/registry entries to ignore will be merged. E.g. if the "linux" profile specifies the directory /bin to be monitored and the "oracle" profile specifies the "/opt/oracle" directory to be monitored, then syscheck will read both the config profiles and monitor both directories.

   The behaviour for global configs is a little different. The values will be overwritten if they are present in another config. E.g. Frequency is a global parameter. If it is set to 100 in the "linux" config and then set to 200 in the "oracle" config, syscheck will overwrite 100 with 200 and run at 200 sec intervals. If it is not overwritten in the "oracle" profile, syscheck will use the value of 100.

   Currently the order of precedence is **NOT** based on the order specified in the <config-profile> tag. It is specified by the order of the <agent_conf> blocks in the agent.conf file. Blocks lower down will overwrite values that are defined in blocks higher up in the file.

2. logcollector: The list of directories in each agent-conf file is appended together and all the directories are monitored.

The changes are present in my Bitbucket repository:

    https://bitbucket.org/cmoraes/ossec/changeset/2d5d72be045b : Tag: MultpileProfileWithOverwriting
    https://bitbucket.org/cmoraes/ossec

If you would like to test this out, please send me your feedback.

Regards,
Chris
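The syscheck merge and precedence rules described in the message above, modelled as an added example that is not part of the original post or of the OSSEC code base. The sample agent.conf is constructed, the function name `effective_syscheck` is hypothetical, and the `<syscheck>` child elements (`directories`, `ignore`, `frequency`) are assumed to follow the usual OSSEC syscheck layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample agent.conf (not from the post).
AGENT_CONF = """
<agent_conf profile="linux">
  <syscheck>
    <frequency>100</frequency>
    <directories>/bin</directories>
  </syscheck>
</agent_conf>
<agent_conf profile="solaris">
  <syscheck>
    <directories>/usr/sbin</directories>
  </syscheck>
</agent_conf>
<agent_conf profile="oracle">
  <syscheck>
    <frequency>200</frequency>
    <directories>/opt/oracle</directories>
    <ignore>/opt/oracle/logs</ignore>
  </syscheck>
</agent_conf>
"""

LIST_KEYS = ("directories", "ignore")  # merged across all matching profiles
GLOBAL_KEYS = ("frequency",)           # last matching block in the file wins


def effective_syscheck(conf_text, config_profile):
    """Return the merged syscheck settings for one agent's <config-profile>."""
    wanted = {p.strip() for p in config_profile.split(",") if p.strip()}
    # agent.conf holds several top-level blocks, so wrap them in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    result = {key: [] for key in LIST_KEYS}
    for block in root.findall("agent_conf"):  # file order, top to bottom
        if block.get("profile") not in wanted:
            continue
        for sc in block.findall("syscheck"):
            for key in LIST_KEYS:
                for el in sc.findall(key):
                    for item in (el.text or "").split(","):
                        if item.strip() and item.strip() not in result[key]:
                            result[key].append(item.strip())
            for key in GLOBAL_KEYS:
                el = sc.find(key)
                if el is not None and el.text:
                    result[key] = int(el.text)  # later block overwrites
    return result
```

Calling it with `"linux,oracle"` and with `"oracle,linux"` returns the same frequency, which makes the file-order precedence visible when reviewing what a given agent will actually monitor.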
