Thank you for the reply, dan! Do I have to create agent.conf file on the server? Currently it does not exist on the server neither on any of the agents. I am using OSSEC 2.7 on RHEL6.
[root@PRDOSC1A ~]# cat /proc/version Linux version 2.6.32-358.6.2.el6.x86_64 ([email protected]) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Tue May 14 15:48:21 EDT 2013 Server: [root@PRDOSC1A ~]# find / -name "agent.conf" [root@PRDOSC1A ~]# find / -name "agents.conf" [root@PRDOSC1A ~]# Agent: [root@DEVSEC1C ~]# find / -name "agent.conf" [root@DEVSEC1C ~]# find / -name "agents.conf" [root@DEVSEC1C ~]# These are the contents of the ossec installation on my server (I have changed directory from /var to /u01): [root@PRDOSC1A ~]# ls -l /u01/ossec/etc/shared/ total 168 -r--r-----. 1 root root 153 Jun 17 06:17 ar.conf -r--r-----. 1 root ossec 9501 Nov 8 2012 cis_debian_linux_rcl.txt -r--r-----. 1 root ossec 8192 Nov 8 2012 cis_rhel5_linux_rcl.txt -r--r-----. 1 root ossec 14251 Nov 8 2012 cis_rhel_linux_rcl.txt -rw-r--r--. 1 ossecr ossec 70186 Jun 19 18:22 merged.mg -r--r-----. 1 root ossec 14872 Nov 8 2012 rootkit_files.txt -r--r-----. 1 root ossec 5193 Nov 8 2012 rootkit_trojans.txt -r--r-----. 1 root ossec 4457 Nov 8 2012 system_audit_rcl.txt -r--r-----. 1 root ossec 4682 Nov 8 2012 win_applications_rcl.txt -r--r-----. 1 root ossec 3859 Nov 8 2012 win_audit_rcl.txt -r--r-----. 1 root ossec 4929 Nov 8 2012 win_malware_rcl.txt These are the contents of /u01/ossec/etc/shared/ on my agent: [root@DEVSEC1C ~]# ls -l /u01/ossec/etc/shared total 88 -rwxrwx---. 1 root ossec 9501 Nov 8 2012 cis_debian_linux_rcl.txt -rwxrwx---. 1 root ossec 8192 Nov 8 2012 cis_rhel5_linux_rcl.txt -rwxrwx---. 1 root ossec 14251 Nov 8 2012 cis_rhel_linux_rcl.txt -rwxrwx---. 1 root ossec 14872 Nov 8 2012 rootkit_files.txt -rwxrwx---. 1 root ossec 5193 Nov 8 2012 rootkit_trojans.txt -rwxrwx---. 1 root ossec 4457 Nov 8 2012 system_audit_rcl.txt -rwxrwx---. 1 root ossec 4682 Nov 8 2012 win_applications_rcl.txt -rwxrwx---. 1 root ossec 3859 Nov 8 2012 win_audit_rcl.txt -rwxrwx---. 1 root ossec 4929 Nov 8 2012 win_malware_rcl.txt On Wednesday, 19 June 2013 15:18:29 UTC+5:30, Taher wrote: > > Hello All, > > I am newbie to OSSEC and we have installed a server and about 30 clients > in our test environment. > > We have a requirement of monitoring logs and integrity checking for files > and directories belonging to certain proprietary/custom applications in the > environment. My question is, if we were to specify the location of these > logs and files, would we have to do it in the ossec.conf file on each agent > or can we do it centrally on the server? > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
