On Wed, Mar 19, 2014 at 4:32 PM, Anuj AJ <[email protected]> wrote: > Greetings. > > Went through other information about managing centralized agent.conf through > ossec HID server. > It has successfully been able to update the agent.conf on the agents > (although it take sometime, which is fine) > > Here is the problem - > > This is my agent.conf - > > > <agent_config> > > > <syscheck> > > <alert_new_files>yes</alert_new_files> > > <!-- Directories to check (perform all possible verifications) --> > <directories check_all="yes">/home</directories> > > <ignore type="sregex">.log$|.tmp</ignore> > > <ignore>/etc/motd</ignore> > <ignore>/home/mysql</ignore> > <ignore>/home/mongodb</ignore> > <ignore>/home/backups</ignore> > > </syscheck> > > </agent_config> > > The Ossec.conf on the AGENT is the generic conf that comes out of the box, > and im trying to push other requirements through agent.conf from the server. > > > Although I do get alerts from ossec, about changes made to files / new files > added to the system on generic folders (through generic config) - /etc , > /sbin etc etc. > Iam not getting any changes from the /home folder from agents, about new > files added or files changed. > > > Help regarding this would be highly appreciated :) >
Verify that the agent processes were restarted after the agent.conf was pushed. Make sure the agent.conf was actually updated properly. Double check to make sure that the agent you're testing on should actually be using the block you've defined in agent.conf. > Thanks > AJ > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
