Dan,
So could I get an example of a template for agent.conf? For example,
currently I have about 50 agents deployed on Solaris and RHEL5 servers.
In my ossec.conf file I have:
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin</directories>
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/messages</location>
</localfile>
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/secure</location>
</localfile>
<localfile>
  <log_format>syslog</log_format>
  <location>/var/adm/sulog</location>
</localfile>
<localfile>
  <log_format>syslog</log_format>
  <location>/var/adm/messages</location>
</localfile>
<localfile>
  <log_format>syslog</log_format>
  <location>/var/log/maillog</location>
</localfile>
<localfile>
  <log_format>apache</log_format>
  <location>/var/log/httpd/error_log</location>
</localfile>
<localfile>
  <log_format>apache</log_format>
  <location>/var/log/httpd/access_log</location>
</localfile>
because I was under the impression that all agents would be monitoring all
of these directories and files.
So to make this clear, is there no way to have all my agents check all of
these? I have to divide my agents into Solaris and RHEL5 Linux groups, and
specify which will monitor which? This seems a bit repetitive unless I am
not imagining things correctly.
If directory checks are local - does that mean agents must be told
which local files are to be monitored?
How would the syntax be in the agent.conf to do something like this?
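
An added example, not part of the original message and not taken from the OSSEC project: a shared agent.conf that divides the settings listed above by operating system. It assumes the `os` attribute of `<agent_config>` is matched against each agent's `uname` output (`Linux` for RHEL5, `SunOS` for Solaris) and that the `/var/log` files belong to the RHEL5 hosts and the `/var/adm` files to the Solaris hosts.

```xml
<!-- Added example: agent.conf kept in the OSSEC server's etc/shared directory. -->
<!-- Assumption: os="..." is compared with the agent's uname output. -->

<!-- No attribute on agent_config: the block applies to every agent. -->
<agent_config>
  <syscheck>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>
  </syscheck>
</agent_config>

<!-- RHEL5 agents only (assumed split: files under /var/log). -->
<agent_config os="Linux">
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/maillog</location>
  </localfile>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/httpd/error_log</location>
  </localfile>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/httpd/access_log</location>
  </localfile>
</agent_config>

<!-- Solaris agents only (assumed split: files under /var/adm). -->
<agent_config os="SunOS">
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/adm/sulog</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/adm/messages</location>
  </localfile>
</agent_config>
```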