On Jun 19, 2013 5:10 PM, "David Blanton" <[email protected]> wrote:
>
> If I have a <directories check_all="yes">/usr/local/bin,/sbin</directories>
> and <ignore>/opt/lampp</ignore> within my ossec.conf file (for example), does that mean that my agents will
> not abide by these rules? Are they only local rules for my OSSEC Server?
>

Directories are local, I think ignores are global.

> Do these have to be specifically addressed for each agent, with their OS, name, etc. within agent.conf in order
> for agents to either ignore certain directories or check certain files and directories?
>

Agents need to know they need to monitor files. You can either configure them in their individual ossec.confs, or in groups in the agent.conf. I think you can have a global section in the agent.conf if you do not configure a name or os.

> The OSSEC 2.7 documentation and book does not specifically make any of these things clear.
>

Offer specific suggestions and I can make the documentation better.
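
The agent.conf grouping discussed in this thread, as an added example that is not part of the original messages: one block for all agents, one matched by OS, and one matched by agent name. It reuses the paths from the question; the agent name `web01`, the path `/var/www`, and the default install location are assumptions.

```xml
<!-- Added example: shared agent.conf kept on the OSSEC manager
     (default install path assumed: /var/ossec/etc/shared/agent.conf).
     The manager distributes this file to agents; each agent applies
     only the blocks whose attributes match it. -->

<!-- No name or os attribute: applies to every agent. -->
<agent_config>
  <syscheck>
    <ignore>/opt/lampp</ignore>
  </syscheck>
</agent_config>

<!-- Applies only to agents whose OS matches "Linux". -->
<agent_config os="Linux">
  <syscheck>
    <directories check_all="yes">/usr/local/bin,/sbin</directories>
  </syscheck>
</agent_config>

<!-- Applies only to the named agent.
     "web01" and /var/www are hypothetical values. -->
<agent_config name="web01">
  <syscheck>
    <directories check_all="yes">/var/www</directories>
  </syscheck>
</agent_config>
```

Running `/var/ossec/bin/verify-agent-conf` on the manager checks the file's syntax before agents pick it up.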
