Thanks. Dan. I tried <scan_on_start>no</scan_on_start> in <agentless> section also, then it complained invalid configuration, this setting is only for syscheck for local agent, wondering how <auto_ignore>no<auto_igngore> seems to work for agentless.
I have been looking all over to have something to schedule agentless, no parameter to configure according to the manual http://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.agentless.html Just want to make sure I am not missing anything. If this is the case, then I would say OSSEC agentless is not scalable for large deployment? Every time OSSEC is restarted, it has to run through each 4000 client directory which can take a long time to finish. It looks like it goes to each client sequentially and can't do simutanenouly either. thanks. On Tuesday, October 6, 2015 at 8:05:31 AM UTC-4, dan (ddpbsd) wrote: > > On Mon, Oct 5, 2015 at 12:16 PM, Ben <[email protected] <javascript:>> > wrote: > > Hi, > > > > I would like to run agentless file integrity check on about 4000 > clients. > > How can I schedule this? Is this even scalabe to this many clients? Also > if > > max agent limit of 256, does it apply to agentess? It will probably take > > forever to run after the ossec is restarted? > > > > I tried <scan_on_start>no</scan_on_start> in syscheck but didn't seem to > > work. > > > > I believe that setting only affects the local system. > > > Thanks > > Ben > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
