Working on a fix for that specifically after running into a problem with Active Response trying to implement it.
The first piece is to abuse ActiveResponse, and to enable that, this patch (https://gist.github.com/reyjrar/5663893) allows the passing of the filename using "<expect>filename</expect>" in the command definition. My colleagues are using this to build scripts to verify checksums against Puppet, Git, and rpm. The same architecture could be leveraged to check against apt or whatever else.

I haven't tested this patch yet, but it does compile; I'll have a battle-tested patch tomorrow.

On Monday, May 27, 2013 10:57:12 PM UTC+2, Gerard Petersen wrote:
>
> Hi All,
>
> After updating my servers with the cyclic apt-get updates I get
> notifications over time right thereafter from all updated agents. But those
> are predicted and thus somewhat useless, moreover .. flooding my mailbox.
> What I'm looking for is an instant 'new snapshot' of my servers. What I've
> found so far is this:
>
> # Clearing an agent's database
> /var/ossec/bin/syscheck_control -u 002
>
> # force a syscheck scan (and re-populating the database)
> /var/ossec/bin/agent_control -r -u 002
>
> But 'dropping' the database and refilling it seems overkill and possibly
> resulting in unnecessary server load. Anybody a better way to manage this?
>
> Thanx in advance.
>
>
> Kind regards,
>
> Gerard.
>
