Holy smokes that helps out a lot. Thanks dan. So if I want to manage directory checks through agent.conf - I can technically have ossec.conf empty as long as I have the client IP/port in there.
One last question - how do the agents get the ossec.conf settings? Are they defaults with the directories check and the IP/port. rootcheck ect. is added during the installation? On Wednesday, June 26, 2013 3:50:25 PM UTC-4, dan (ddpbsd) wrote: > > On Wed, Jun 26, 2013 at 3:36 PM, David Blanton > <[email protected] <javascript:>> wrote: > > So if I set my server-side agent.conf file with <agent_config > name"XXXX"> > > for all my agents, > > > > And have a list of all my agents, with local files, & directories to > > monitor, directories to ignore, will it do just that for all my agents? > Or > > do I have to copy all of this over to each agent.conf file located on > each > > agent's server? > > > > The server should push the agent.conf to each agent automagically. > > > > > Also, what takes precedence - agent.conf or ossec.conf located on the > agent? > > No idea, I've never gotten around to figuring it out.I try not to > duplicate settings between the two. > > > Or is agent.conf used to guide the agent to search through specific > > files/dirs and the ossec.conf is for the rootcheck & ignores, ect. > > > > > > If I edit the agent.conf file server side - it doesn't update the > agent.conf > > file on the agent side? Same goes for ossec.conf? I'm getting more and > more > > confused lol. Do you have an efficient, preferred way of setting all > this > > up? > > > > The agent.conf gets pushed from the server to the agents. The > ossec.conf does not. > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
