I'm new to OSSEC, so maybe I'm missing something, but one of the tips is to use active response on Windows to restart the agents when ossec.conf changes. It doesn't really explain however how to do that. If I just enable active response, does Windows agents then automatically restart on changes to that file? Or do I need to define a command for it?
-- James Pulver Information Technology Area Supervisor LEPP Computer Group Cornell University -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Starks Sent: Wednesday, October 26, 2011 8:25 AM To: ossec-list Subject: [ossec-list] 3WoO Day 4: Five Tips & Tricks for OSSEC Ninjas! http://www.immutablesecurity.com/index.php/2011/10/26/3woo-day-4-five-tips-tricks-for-ossec-ninjas/ Enjoy!
