On Wed, Oct 26, 2011 at 8:48 AM, James M Pulver <[email protected]> wrote: > I'm new to OSSEC, so maybe I'm missing something, but one of the tips is to > use active response on Windows to restart the agents when ossec.conf changes. > It doesn't really explain however how to do that. If I just enable active > response, does Windows agents then automatically restart on changes to that > file? Or do I need to define a command for it? >
There is a restart.cmd (I think this is the name, I don't have an install to check at the moment) script that can be used to restart a Windows agent. To restart when a file changes (like ossec.conf or agent.conf), you'll need to define an active response and command for this. > -- > James Pulver > Information Technology Area Supervisor > LEPP Computer Group > Cornell University > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Michael Starks > Sent: Wednesday, October 26, 2011 8:25 AM > To: ossec-list > Subject: [ossec-list] 3WoO Day 4: Five Tips & Tricks for OSSEC Ninjas! > > http://www.immutablesecurity.com/index.php/2011/10/26/3woo-day-4-five-tips-tricks-for-ossec-ninjas/ > > Enjoy! >
