You bet it does =). The goal is to give the tool awareness capabilities to understand what the box does and build the ossec profile accordingly. I'll reach out to you in a separate email if you'd like to talk a few about it. I would enjoy your feedback. Additionally, if it doesn't turn out to be what you need, I can assist in writing a script to just inject your list into the ossec config.
Devon J. Greene Dacotah Bank -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of James Whittington Sent: Tuesday, August 27, 2013 8:21 AM To: [email protected] Subject: RE: [ossec-list] Option to include a file of local directory definitions on a Windows client Devin, I would be real interested in that scripting, does it actually inject the configuration code into the OSSEC config file? I already generate a website list to a file so I could fetch logfile locations from it but I wasn't real sure how to automate the creation of the OSSEC data and inject it into the correct place in the OSSEC config file. James Whittington [email protected] -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Devon J. Greene Sent: Monday, August 26, 2013 11:35 PM To: [email protected] Subject: RE: [ossec-list] Option to include a file of local directory definitions on a Windows client James, I have a dynamic OSSEC profile builder tool for windows systems written in powershell. One of its abilities is to find each web application and properly monitor the right logfile. Let me know if you're interested in the IIS detection snippet. It'll be an open source tool I want to contribute to the community after I get done w/ some more testing. =) Devon J. Greene -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of James Whittington Sent: Monday, August 26, 2013 9:46 PM To: [email protected] Subject: [ossec-list] Option to include a file of local directory definitions on a Windows client I am running a mixed environment of Linux and Windows Webservers and trying to determine how to add all my website logfiles. On the Linux Servers all the website logfiles reside in the same folder so I have a wildcard pattern to add all the website logfiles. On the Windows side however logfiles are stored by customer and website and thus do not exist in the same folder area. I was wondering if there was an option to reference an external file or directory for local file definitions? Then I could easily rebuild definitions in this external file as sites are added without having to modify the main config file. I am hoping I just missed this option as it sounds like something that could be in the agent.conf file and pushed out to multiple servers. James Whittington -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out. ________________________________ CONFIDENTIALITY NOTICE: This electronic communication (email), including any attachments, is covered by the Electronic Communications Privacy Act, 18 U.S.C. §§2510 – 2521; is confidential; and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution or copying of this electronic communication is strictly prohibited. Please reply to the sender that you received this message in error and then delete or otherwise destroy any and all copies of this electronic communication. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out. ________________________________ CONFIDENTIALITY NOTICE: This electronic communication (email), including any attachments, is covered by the Electronic Communications Privacy Act, 18 U.S.C. §§2510 – 2521; is confidential; and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution or copying of this electronic communication is strictly prohibited. Please reply to the sender that you received this message in error and then delete or otherwise destroy any and all copies of this electronic communication. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
