On Thu, Nov 10, 2011 at 9:13 AM, alsdks <[email protected]> wrote:

> Hello,
>
> Another starter's question. I am trying to make agent.conf work but
> with no luck so far.
> I have created the /var/ossec/etc/shared/agent.conf with the following
> entries:
>
> <agent_config name=”windows7">
> <syscheck>
> <frequency>72000</frequency>
> <directories check_all="yes">c:\test\</directories>
> </syscheck>
> </agent_config>
>
> <agent_config name=”solar1">
> <syscheck>
> <frequency>72000</frequency>
> <directories check_all="yes">/opt/test</directories>
> </syscheck>
> </agent_config>
>
> The agent.conf does get copied on target machines (a windows system
> and a Solaris one) successfully with no errors. However ossec.log in
> either system is not indicating that it is monitoring the directories
> specified in agent.conf. And changes are not caught.
>
> Am I missing something?
>

The agent names of these systems are "windows7" and "solar1"? Did you restart the OSSEC processes after the agent.conf was copied to the agent?

> Oh and a couple of questions\notes:
>
> - agent_control -R does not seem to do anything against Windows
> platforms. In fact nothing of agent_control works against Windows? Is
> there a port that needs to be opened on the target system? (server
> side 1514 is open and in general I haven't anything blocking it). Or
> it does not work against Windows, period?
>

Is active-response enabled on the Windows agent?

> - agent.conf and ossec.conf of each system are combined. What happens
> when values are contradicting?
> Does agent.conf override local configurations?
>

I think ossec.conf wins, but I can't remember. It shouldn't be too hard to test.

> Thank you!
>
