I found this documentation:
http://www.ossec.net/doc/manual/agent/agent-configuration.html
It says: "First Create the file /var/ossec/etc/shared/agent.conf." so that
answers my previous question and gives rise to another one :)
Since we are using OSSEC only for FIM and not for log correlation and
analysis (we have Splunk for that),
I wish to specify certain directories and files that we want to monitor
using syscheck in agent.conf. Can we use something like this in agent.conf?
<directories check_all="yes">/etc,/usr/bin,/usr/sbin,/other/custom/directory</directories>
<directories check_all="yes">/bin,/sbin</directories>
as opposed to:
<localfile>
<location>/var/log/my.log</location>
<log_format>syslog</log_format>
</localfile>
because quite frankly, the directories that we want to monitor on the agents
are not always logs.
On Wednesday, 19 June 2013 15:18:29 UTC+5:30, Taher wrote:
>
> Hello All,
>
> I am a newbie to OSSEC and we have installed a server and about 30 clients
> in our test environment.
>
> We have a requirement of monitoring logs and integrity checking for files
> and directories belonging to certain proprietary/custom applications in the
> environment. My question is, if we were to specify the location of these
> logs and files, would we have to do it in the ossec.conf file on each agent
> or can we do it centrally on the server?
>
>
>
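
Added example (not part of the original message or the OSSEC documentation): a centralized /var/ossec/etc/shared/agent.conf on the server that carries only the syscheck directories from the question. It assumes the `<directories>` entries are wrapped in `<syscheck>` inside an `<agent_config>` block; the os="Linux" filter is an illustrative choice.

```xml
<!-- /var/ossec/etc/shared/agent.conf on the OSSEC server (added example) -->
<!-- Assumption: this block should reach every Linux agent; name="..." or
     profile="..." can be used instead of os="..." to narrow the scope. -->
<agent_config os="Linux">
  <syscheck>
    <!-- FIM only: no <localfile> entries are needed when log analysis
         is handled elsewhere. Keep each comma-separated list on one line. -->
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin,/other/custom/directory</directories>
    <directories check_all="yes">/bin,/sbin</directories>
  </syscheck>
</agent_config>
```

Running /var/ossec/bin/verify-agent-conf on the server checks the file's syntax before agents pick it up.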