Hello, I have many agents installed with hybrid mode configuration.
By default the startup "/etc/init.d/ossec start" only starts the agent: /var/ossec/ossec-agent/bin/ossec-agentd /var/ossec/ossec-agent/bin/ossec-logcollector /var/ossec/ossec-agent/bin/ossec-syscheckd If I start ossec through "/var/ossec/bin/ossec-control start" works fine: 00:00:00 /var/ossec/ossec-agent/bin/ossec-agentd 00:00:00 /var/ossec/ossec-agent/bin/ossec-logcollector 00:00:00 /var/ossec/ossec-agent/bin/ossec-syscheckd 00:00:00 /var/ossec/bin/ossec-execd 00:00:00 /var/ossec/bin/ossec-analysisd 00:00:00 /var/ossec/bin/ossec-logcollector 00:00:00 /var/ossec/bin/ossec-syscheckd 00:00:00 /var/ossec/bin/ossec-monitord I use hybrid mode because I need the ossec-agent managed by server and I need active-response local too. To solve this issue I need to change file /etc/ossec-init.conf (DIRECTORY). My doubts are: My installation Its OK? Why only agent is started by default? I really need the hybrid mode to active response? Can I manage the active response through ossec-server? Many Thanks Fernando C -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
