Thanks Dan - I wish there was realtime monitoring of files. On the boxes I want this on, I have syscheck kicking off once every night. I guess that's enough though. Hopefully
On Jul 14, 12:34 pm, "dan (ddp)" <[email protected]> wrote: > I setup an active response to restart my agents when syscheck noticed > /var/ossec/etc/shared/agent.conf has changed. > > > > > > > > On Thu, Jul 14, 2011 at 3:06 PM, jplee3 <[email protected]> wrote: > > Hi all, > > > Does anyone have suggestions on pushing agent.conf after making > > changes and having this go into effect immediately? I'm specifically > > looking at when additions are made to monitor logfiles. > > > The agent.conf normally gets pushed after some time. However, it > > doesn't seem like OSSEC will actually read the file until the next > > restart. > > > Is there a way to force the OSSEC agent to *always* restart after the > > agent.conf is loaded? > > > Am I missing something here? > > > Thanks, > > Jeremy
