Word of advice too. When you make changes to the agent.conf on the
ossec server, it takes a few minutes to copy down to the agents. Then
you have to somehow remember to restart all the agents to re-read the
newly copied agent.conf file. To restart all the agents, you can do
something like this:
for i in `/var/ossec/bin/agent_control -l | grep "ID:" | awk '{print
$2}' | sed 's/.$//'`; do /var/ossec/bin/agent_control -R $i; sleep 2;
done
On Jan 23, 12:11 pm, AlexD <[email protected]> wrote:
> It worked.
> Thanks for your help! :-)
>
> Alex
>
> On Jan 12, 9:44 am, Andy Jack <[email protected]> wrote:
>
>
>
>
>
>
>
> > 'md5sum' is usually the command for getting md5 checksum of a file on
> > linux, e.g.:
>
> > md5sum file.txt
>
> > According to the documentation, you should see the md5sum of the
> > agent.conf that the agent has in the agent_control -i <agent_id> output.
> > To test that this works you could add something trivial (e.g. xml
> > comment) to the agent.conf on the linux server, get the updated md5sum,
> > and wait for the new md5sum to appear on the windows agent (or restart
> > ossec on the linux server). I think you'd also see the modification
> > time of the file change on the windows agent when it is updated.
>
> > Andy
>
> > On Thu, Jan 12, 2012 at 09:08:33AM -0800, AlexD wrote:
> > > I tried that but when I check the md5 checksum and issue the command
> > > md5 /var/ossec/etc/shared/agent.conf it says command not found. How
> > > will I know if my agent.conf file is being pushed across my agents?
> > > And if it does, will it update a file on the Windows side or not?
>
> > > Thanks,
>
> > > Alex
>
> > > On Jan 11, 10:11 am, Andy Jack <[email protected]> wrote:
> > > > Hello, I think this is what you're after:
>
> > > >http://www.ossec.net/doc/manual/agent/agent-configuration.html
>
> > > > Andy
>
> > > > On Wed, Jan 11, 2012 at 09:33:58AM -0800, AlexD wrote:
> > > > > Hi everybody and thanks for you help!
>
> > > > > So, I have this architecture:
>
> > > > > - 1 linux server with OSSEC HIDS 2.6 installed
> > > > > - several Windows boxes where I need to deploy the agents
>
> > > > > I would like to know if there is a way to have a centralized
> > > > > configuration file on the linux server that then gets "pushed" to all
> > > > > the windows agents. Also, I believe I will have to go and manually
> > > > > install the Windows agents manually on every single box (or maybe
> > > > > using a script).
>
> > > > > Moreover, since if this architecture will work I will add Linux agents
> > > > > as well, is it possible to have two configuration files on the
> > > > > management server so that the Linux boxes point at the linux config
> > > > > and the Windows boxes point at the windows config?
>
> > > > > Thanks,
>
> > > > > AlexD =)
