It sounds like a new ossec agent installation with a minimal ossec.conf is required. Thanks for your interest.

On 8 Mar 2016 at 22:17, Ryan Schulze <[email protected]> wrote:

> If he doesn't have any kind of configuration management/orchestration in
> place it might make more sense to use a minimal ossec.conf on the agents and
> deploy any changes via the shared/agent.conf on the master.
>
> That way he won't run into problems again with settings on the agents he
> might have to manually remove.
>
>> On 3/8/2016 1:01 PM, Pedro S wrote:
>> I can't imagine a way to change ossec.conf on every agent if you are not
>> using some deployment software (like Puppet).
>>
>> One solution for further installations is to change default ossec.conf file
>> in order to include your EventID exception.
>>
>> Regards,
>>
>> Pedro S.
>>
>>> On Monday, March 7, 2016 at 3:02:49 PM UTC+1, Abdulvehhab Agin wrote:
>>> Hi,
>>>
>>> We have lots of ossec.agent on Windows system; These ossec's generate too
>>> much "Audit Logs" and we don't want to collect these logs;
>>>
>>> When I change Ossec.conf on client manually :
>>>
>>> ## New Ossec.conf
>>> ------------------------
>>>
>>> <localfile>
>>>   <location>Security</location>
>>>   <log_format>eventchannel</log_format>
>>>   <query>Event/System[EventID!="4648" and EventID!="4656" and EventID!="4658"]</query>
>>> </localfile>
>>>
>>> ------------------------
>>>
>>> It works good but, we don't want to change this config manually on each
>>> computer; Is there a way to deploy this config via OSSEC Server like
>>> shared/agent.conf
>>>
>>> Thanks for any help.
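
Added example (not part of the original thread and not the OSSEC project's own configuration): the split the replies describe, with the Security channel filter moved into the manager's shared agent.conf and the agent keeping only a minimal ossec.conf. Assumptions: a default manager install path of /var/ossec, an agent ossec.conf that carries no Security localfile entry of its own, and 192.0.2.10 as a placeholder manager address.

```xml
<!-- Two separate files are shown in this one listing. -->

<!-- File 1, on the manager: /var/ossec/etc/shared/agent.conf (assumed default path).
     The os="Windows" attribute limits the block to Windows agents. -->
<agent_config os="Windows">
  <localfile>
    <location>Security</location>
    <log_format>eventchannel</log_format>
    <!-- Filter taken from the original post: skip EventIDs 4648, 4656, 4658 -->
    <query>Event/System[EventID!="4648" and EventID!="4656" and EventID!="4658"]</query>
  </localfile>
</agent_config>

<!-- File 2, on each Windows agent: minimal ossec.conf.
     Only the manager address stays local; 192.0.2.10 is a placeholder.
     No Security localfile here, so the shared filter is the only
     definition of that channel on the agent (assumption of this example). -->
<ossec_config>
  <client>
    <server-ip>192.0.2.10</server-ip>
  </client>
</ossec_config>
```

On the manager, /var/ossec/bin/verify-agent-conf checks the shared file's syntax before agents pick it up.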
