On Tue, Dec 3, 2013 at 12:01 PM, Fernando Cardoso <[email protected]> wrote: > Hello, > > I have many agents installed with hybrid mode configuration. > > By default the startup "/etc/init.d/ossec start" only starts the agent: > /var/ossec/ossec-agent/bin/ossec-agentd > /var/ossec/ossec-agent/bin/ossec-logcollector > /var/ossec/ossec-agent/bin/ossec-syscheckd > > If I start ossec through "/var/ossec/bin/ossec-control start" works fine: > 00:00:00 /var/ossec/ossec-agent/bin/ossec-agentd > 00:00:00 /var/ossec/ossec-agent/bin/ossec-logcollector > 00:00:00 /var/ossec/ossec-agent/bin/ossec-syscheckd > 00:00:00 /var/ossec/bin/ossec-execd > 00:00:00 /var/ossec/bin/ossec-analysisd > 00:00:00 /var/ossec/bin/ossec-logcollector > 00:00:00 /var/ossec/bin/ossec-syscheckd > 00:00:00 /var/ossec/bin/ossec-monitord > > I use hybrid mode because I need the ossec-agent managed by server and I > need active-response local too. > > To solve this issue I need to change file /etc/ossec-init.conf (DIRECTORY). > > My doubts are: > My installation Its OK? Why only agent is started by default?
Probably an oversight. I'm not entirely sure how much testing went into hybrid before it was included. > I really need the hybrid mode to active response? You do not need hybrid mode to use active response. If that's what you thought, please point out the documentation that led you to believe this so I can correct it. > Can I manage the active response through ossec-server? > Active response is managed through the server. The only configuration done on the agent is enabling or disabling it. > Many Thanks > Fernando C > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
