On Jan 23, 2012, at 7:23 PM, BP9906 wrote:
> Word of advice too. When you make changes to the agent.conf on the
> ossec server, it takes a few minutes to copy down to the agents. Then
> you have to somehow remember to restart all the agents to re-read the
> newly copied agent.conf file. To restart all the agents, you can do
> something like this:
>
> for i in `/var/ossec/bin/agent_control -l | grep "ID:" | awk '{print
> $2}' | sed 's/.$//'`; do /var/ossec/bin/agent_control -R $i; sleep 2;
> done
Or, if you're into a more automated method, you can do this :
http://blog.godshell.com/blog/archives/291-Helpful-Rules-For-OSSEC.html
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Any sufficiently advanced magic is indistinguishable from technology."
- Niven's Inverse of Clarke's Third Law
