We configure all agents via manually by hand; so it is too hard to change ossec.conf manually;
2016-03-08 14:13 GMT+02:00 dan (ddp) <[email protected]>: > On Tue, Mar 8, 2016 at 5:53 AM, <[email protected]> wrote: > > > > If we don't delete these tag in local ossec.conf, it sends these log > again. > > > > It doesnt solve problem, any suggesion? > > > > How do you currently do configuration management? > > > > > 8 Mar 2016 tarihinde 12:29 saatinde, Jesus Linares <[email protected]> > şunları > > yazdı: > > > > Hi, > > > > check out the documentation: > > > http://ossec-docs.readthedocs.org/en/latest/manual/agent/agent-configuration.html > > > > It would be something like: > > > > /var/ossec/etc/shared/agent.conf: > > > > <agent_config os="Windows"> > > <localfile> > > <location>Security</location> > > <log_format>eventchannel</log_format> > > <query>Event/System[EventID!="4648" and EventID!="4656" and > > EventID!="4658"]</query> > > </localfile> > > </agent_config> > > > > Regards. > > Jesus Linares. > > > > On Monday, March 7, 2016 at 3:02:49 PM UTC+1, Abdulvehhab Agin wrote: > >> > >> Hi, > >> > >> > >> We have lots of ossec.agent on Windows system; These ossec's generate > too > >> much "Audit Logs" and we don't want to collects these logs; > >> > >> > >> When i change Ossec.conf on client manually : > >> > >> > >> ## New Ossec.conf > >> ------------------------ > >> > >> <localfile> > >> <location>Security</location> > >> <log_format>eventchannel</log_format> > >> <query>Event/System[EventID!="4648" and EventID!="4656" and > >> EventID!="4658"]</query> > >> </localfile> > >> > >> ------------------------ > >> > >> > >> It works good but, we don't want to change this config manually on each > >> computer; Is there a way to deploy this config via OSSEC Server like > >> shared/agent.conf > >> > >> > >> > >> Thanks for any help. > >> > >> > >> > >> > >> > > -- > > > > --- > > You received this message because you are subscribed to a topic in the > > Google Groups "ossec-list" group. > > To unsubscribe from this topic, visit > > https://groups.google.com/d/topic/ossec-list/UFQ5gE9HZHw/unsubscribe. > > To unsubscribe from this group and all its topics, send an email to > > [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > > > -- > > > > --- > > You received this message because you are subscribed to the Google Groups > > "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to a topic in the > Google Groups "ossec-list" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ossec-list/UFQ5gE9HZHw/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
