On Wed, Sep 26, 2012 at 11:08 AM, Michael Barrett <[email protected]> wrote: > > I'm trying to verify that my updated agents are working properly > > Is there a way to actively query them? >
I used to use nagios. > > Not sure what ./agent_control actually does but it seems to come back too > quickly to have actually checked all the agents in real time > > > [root@newman bin]# ./agent_control > > OSSEC HIDS agent_control: Control remote agents. > Available options: > -h This help message. > -l List available (active or not) agents. > -lc List active agents. > -i <id> Extracts information from an agent. > -R <id> Restarts agent. > -r -a Runs the integrity/rootkit checking on all agents now. > -r -u <id> Runs the integrity/rootkit checking on one agent now. > > -b <ip> Blocks the specified ip address. > -f <ar> Used with -b, specifies which response to run. > -L List available active responses. > -s Changes the output to CSV (comma delimited). > > > [root@newman bin]#./agent_control -lc > > > ID: 812, Name: vw8webtest, IP: 172.24.192.27, Active > ID: 813, Name: vw8sql2k8test, IP: 172.24.192.13, Active > ID: 814, Name: vw8defsqlqa, IP: 172.24.193.57, Active > ID: 815, Name: cvw8captest, IP: 172.24.192.10, Active > ID: 819, Name: w3vmon, IP: 144.122.218.24, Active > ID: 820, Name: cvw3essbaset, IP: 172.24.192.39, Active > ID: 821, Name: w8vrectst, IP: 172.22.200.1, Active > ID: 823, Name: w3vrecqa, IP: 144.122.219.61, Active > > ____________________________________________ > Michael Barrett | Information Security Analyst - Lead | Mortgage Guaranty > Insurance Corporation > 270 E. Kilbourn Ave. | Milwaukee, WI 53202 USA | ( 1.414.347.6271 | 7 > 1.888.601.4440 | * [email protected] > > This message is intended for use only by the person(s) addressed above and > may contain privileged and confidential information. Disclosure or use of > this message by any other person is strictly prohibited. If this message is > received in error, please notify the sender immediately and delete this > message.
