Sorry to interrupt here. Its not related to this issue: I want to detect USB when I insert USB into my windows agent.
Where all I need to add the codes? What all changes for each file? Do I need to add code only on server side? Nothing at client? What is pushing of code from server? How do it manually? All I can get is to add: 1)log collection code in agents.conf(server side) 2)decoder 3)rule. Also what should be group name for this newly added rule?? Kindly help. Sorry. On Thu, Jun 21, 2012 at 5:42 AM, dan (ddp) <[email protected]> wrote: > The installer sets up the config for you. > On Jun 20, 2012 8:07 PM, "Brett" <[email protected]> wrote: > >> I didn't see the last part of the email. A link in the agent install >> would be a good place for that info. Since I'm not familiar with the >> software I'd have no idea to look in "ossec.conf: syntax" >> >> Sent from my iPhone >> >> On Jun 20, 2012, at 15:21, "dan (ddp)" <[email protected]> wrote: >> >> It's documented. In fact in the real install the config is populated for >> you. >> >> >> http://www.ossec.net/doc/syntax/head_ossec_config.client.html#element-server-ip >> >> In /var/ossc/etc/ossec.conf >> So something like: >> <ossec_config> >> <client> >> <server-ip>192.168.23.1</server-ip> >> >> This is all supe basic stuff. What would have made it easier to find in >> the documentation? >> On Jun 20, 2012 6:11 PM, "Brett Y" <[email protected]> wrote: >> >>> After installing ossec-hids-client and its dependencies, running >>> /var/ossec/bin/ossec-configure, if you select agent, you are not prompted >>> for the ip address of the server. And there doesn't seem to be any docs on >>> how to manually set that. >> >>
