On Fri, Dec 13, 2013 at 9:41 AM, Michiel van Es <[email protected]> wrote: > > > Op vrijdag 13 december 2013 14:33:20 UTC+1 schreef dan (ddpbsd): >> >> On Fri, Dec 13, 2013 at 8:12 AM, Michiel van Es <[email protected]> >> wrote: >> > Hi, >> > >> > is it possible to remove entries in client.keys via an automated >> > script/way >> > (for example a call from racktables). ? >> > We reinstall machines from time to time (can be batches of 30+ machines) >> > if >> > so, then it would be nice if we can remove the entry from the >> > client.keys >> > entry and recreate the entry if the machine is reinstalled and ossec >> > reconnects and creates a new entry. >> > >> > I do see some command line options for manage_agents but not removal >> > options. >> > >> > Any advise would be more then welcome. >> > >> >> You should be able to script it, but you might need to restart the >> OSSEC processes after. > > > You mean removing with grep/sed the client.keys file and then restart ossec?
Yes. It shouldn't be too difficult. > (are db entries/queues also cleaned up after the restart?) I'm not sure what all would need to be cleaned up, but I don't think OSSEC will delete any data. > If we recreate the same machine is it possible that the new machine gets the > old ossec data as a result? > Only if you use the same ID, but reusing IDs is generally a bad idea (plus possible rids issues). > Michiel >> >> >> > Michiel >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
