I have added my ossec.conf and agent.conf. Is it possible to have a look
to see if there is something that is off? (I have removed the IP address
for the agentless section.)
Thank you,
Alex
On Wednesday, April 13, 2016 at 10:40:00 AM UTC-4, Kat wrote:
>
> You should disable RIDS:
>
> remoted.verify_msg_id=0
>
> The errors should go away. The problem is, RIDS must be removed on both
> agent and server, that may be causing issues.
>
> Kat
>
> On Tuesday, April 5, 2016 at 8:21:18 AM UTC-5, Alexandre LAQUERRE wrote:
>>
>> Hi,
>>
>> I have been using OSSEC for quite a while and we decided to upgrade the
>> version (2.7.1) to 2.8.3, and that was relatively successful except for the
>> fact that it pulled a number on my ossec.conf by creating indent problems
>> and adding open brackets in the wrong area, but anyway it works. My issue is
>> that for the moment our client will not update the OSSEC agents and wishes to
>> keep 2.7.1. I have not seen any documentation that would indicate a
>> compatibility issue; however, I noticed that no matter what I do, the agents
>> will end up disconnecting. They will start out all active and then after 20
>> minutes or so they will all be disconnected except for a small minority.
>>
>> When I performed the install I set the maximum number of agents to
>> 4096 because the client has about … I would say close to 3000 agents.
>> Furthermore, the installation did go well; however, I suspect that the
>> agent.conf file in the shared folder got messed up due to this update being
>> very significant. I have been working on this issue for at least three days
>> and I am no longer certain where to look.
>>
>> I would like to specify that I have already tried to erase the RIDS while
>> OSSEC is stopped (server), and when I start it back up again the same issue
>> occurs. Now I am hoping the solution will not be to erase the rids from the
>> client as it would be a long process for our customer.
>>
>> Thank you,
>>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
<agent_config os="Windows">
<syscheck>
<!-- Frequency that syscheck is executed - default to every 22 hours -->
<frequency>72000</frequency>
<!-- Default files to be monitored - system32 only. -->
<directories check_all="yes">C:\Program Files/SplunkUniversalForwarder/etc/system/local</directories>
<directories check_all="yes">%WINDIR%/win.ini</directories>
<directories check_all="yes">%WINDIR%/system.ini</directories>
<directories check_all="yes">C:\autoexec.bat</directories>
<directories check_all="yes">C:\config.sys</directories>
<directories check_all="yes">C:\boot.ini</directories>
<directories check_all="yes">%WINDIR%/System32/CONFIG.NT</directories>
<directories check_all="yes">%WINDIR%/System32/AUTOEXEC.NT</directories>
<directories check_all="yes">%WINDIR%/System32/at.exe</directories>
<directories check_all="yes">%WINDIR%/System32/attrib.exe</directories>
<directories check_all="yes">%WINDIR%/System32/cacls.exe</directories>
<directories check_all="yes">%WINDIR%/System32/debug.exe</directories>
<directories check_all="yes">%WINDIR%/System32/drwatson.exe</directories>
<directories check_all="yes">%WINDIR%/System32/drwtsn32.exe</directories>
<directories check_all="yes">%WINDIR%/System32/edlin.exe</directories>
<directories check_all="yes">%WINDIR%/System32/eventcreate.exe</directories>
<directories check_all="yes">%WINDIR%/System32/eventtriggers.exe</directories>
<directories check_all="yes">%WINDIR%/System32/ftp.exe</directories>
<directories check_all="yes">%WINDIR%/System32/net.exe</directories>
<directories check_all="yes">%WINDIR%/System32/net1.exe</directories>
<directories check_all="yes">%WINDIR%/System32/netsh.exe</directories>
<directories check_all="yes">%WINDIR%/System32/rcp.exe</directories>
<directories check_all="yes">%WINDIR%/System32/reg.exe</directories>
<directories check_all="yes">%WINDIR%/regedit.exe</directories>
<directories check_all="yes">%WINDIR%/System32/regedt32.exe</directories>
<directories check_all="yes">%WINDIR%/System32/regsvr32.exe</directories>
<directories check_all="yes">%WINDIR%/System32/rexec.exe</directories>
<directories check_all="yes">%WINDIR%/System32/rsh.exe</directories>
<directories check_all="yes">%WINDIR%/System32/runas.exe</directories>
<directories check_all="yes">%WINDIR%/System32/sc.exe</directories>
<directories check_all="yes">%WINDIR%/System32/subst.exe</directories>
<directories check_all="yes">%WINDIR%/System32/telnet.exe</directories>
<directories check_all="yes">%WINDIR%/System32/tftp.exe</directories>
<directories check_all="yes">%WINDIR%/System32/tlntsvr.exe</directories>
<directories check_all="yes">%WINDIR%/System32/drivers/etc</directories>
<directories check_all="yes" realtime="yes">C:\Documents and Settings/All Users/Start Menu/Programs/Startup</directories>
<directories check_all="yes" realtime="yes">C:\Users/Public/All Users/Microsoft/Windows/Start Menu/Startup</directories>
<ignore type="sregex">.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$</ignore>
<!-- Windows registry entries to monitor. -->
<windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\batfile</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\cmdfile</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\comfile</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\exefile</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\piffile</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\Directory</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\Folder</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\Protocols</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Policies</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Security</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon</windows_registry>
<windows_registry>HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components</windows_registry>
<!-- Windows registry entries to ignore. -->
<registry_ignore>HKEY_LOCAL_MACHINE\Security\Policy\Secrets</registry_ignore>
<registry_ignore>HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users</registry_ignore>
<registry_ignore type="sregex">\Enum$</registry_ignore>
<!-- Windows files to ignore -->
<ignore>C:\WINDOWS/System32/LogFiles</ignore>
<ignore>C:\WINDOWS/Debug</ignore>
<ignore>C:\WINDOWS/WindowsUpdate.log</ignore>
<ignore>C:\WINDOWS/iis6.log</ignore>
<ignore>C:\WINDOWS/system32/wbem/Logs</ignore>
<ignore>C:\WINDOWS/system32/wbem/Repository</ignore>
<ignore>C:\WINDOWS/Prefetch</ignore>
<ignore>C:\WINDOWS/PCHEALTH/HELPCTR/DataColl</ignore>
<ignore>C:\WINDOWS/SoftwareDistribution</ignore>
<ignore>C:\WINDOWS/Temp</ignore>
<ignore>C:\WINDOWS/system32/config</ignore>
<ignore>C:\WINDOWS/system32/spool</ignore>
<ignore>C:\WINDOWS/system32/CatRoot</ignore>
</syscheck>
</agent_config>
<agent_config os="Linux">
<syscheck>
<!-- Frequency that syscheck is executed - default to every 22 hours -->
<frequency>72000</frequency>
<!-- Files to monitor (localfiles) -->
<!-- Directories to check (perform all possible verifications) -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin</directories>
<!-- Files/directories to ignore -->
<ignore>/etc/mtab</ignore>
<ignore>/etc/mnttab</ignore>
<ignore>/etc/hosts.deny</ignore>
<ignore>/etc/mail/statistics</ignore>
<ignore>/etc/random-seed</ignore>
<ignore>/etc/adjtime</ignore>
<ignore>/etc/httpd/logs</ignore>
<ignore>/etc/utmpx</ignore>
<ignore>/etc/wtmpx</ignore>
<ignore>/etc/cups/certs</ignore>
<ignore>/etc/dumpdates</ignore>
<ignore>/etc/svc/volatile</ignore>
</syscheck>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/messages</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/secure</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/maillog</location>
</localfile>
<localfile>
<log_format>command</log_format>
<command>df -h</command>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>netstat -tan |grep LISTEN |grep -v 127.0.0.1 | sort</command>
</localfile>
<localfile>
<log_format>full_command</log_format>
<command>last -n 5</command>
</localfile>
</agent_config>
<agent_config>
<rootcheck>
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>
</rootcheck>
</agent_config>
<ossec_config>
<global>
<email_notification>no</email_notification>
</global>
<syscheck>
<!-- Frequency that syscheck is executed - default to every 22 hours -->
<frequency>86400</frequency>
<!-- Directories to check (perform all possible verifications) -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin</directories>
<!-- Files/directories to ignore -->
<ignore>/etc/mtab</ignore>
<ignore>/etc/mnttab</ignore>
<ignore>/etc/hosts.deny</ignore>
<ignore>/etc/mail/statistics</ignore>
<ignore>/etc/random-seed</ignore>
<ignore>/etc/adjtime</ignore>
<ignore>/etc/httpd/logs</ignore>
<ignore>/etc/utmpx</ignore>
<ignore>/etc/wtmpx</ignore>
<ignore>/etc/cups/certs</ignore>
<ignore>/etc/dumpdates</ignore>
<ignore>/etc/svc/volatile</ignore>
<!-- Windows files to ignore -->
<ignore>C:\WINDOWS/System32/LogFiles</ignore>
<ignore>C:\WINDOWS/Debug</ignore>
<ignore>C:\WINDOWS/WindowsUpdate.log</ignore>
<ignore>C:\WINDOWS/iis6.log</ignore>
<ignore>C:\WINDOWS/system32/wbem/Logs</ignore>
<ignore>C:\WINDOWS/system32/wbem/Repository</ignore>
<ignore>C:\WINDOWS/Prefetch</ignore>
<ignore>C:\WINDOWS/PCHEALTH/HELPCTR/DataColl</ignore>
<ignore>C:\WINDOWS/SoftwareDistribution</ignore>
<ignore>C:\WINDOWS/Temp</ignore>
<ignore>C:\WINDOWS/system32/config</ignore>
<ignore>C:\WINDOWS/system32/spool</ignore>
<ignore>C:\WINDOWS/system32/CatRoot</ignore>
<alert_new_files>yes</alert_new_files>
</syscheck>
<rootcheck>
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
<rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<system_audit>/var/ossec/etc/shared/system_audit_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_debian_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel_linux_rcl.txt</system_audit>
<system_audit>/var/ossec/etc/shared/cis_rhel5_linux_rcl.txt</system_audit>
</rootcheck>
<active-response>
<disabled>yes</disabled>
</active-response>
<alerts>
<log_alert_level>1</log_alert_level>
<email_alert_level>7</email_alert_level>
</alerts>
<!-- Files to monitor (localfiles) -->
<localfile>
<log_format>syslog</log_format>
<location>/var/log/messages</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/secure</location>
</localfile>
<localfile>
<log_format>syslog</log_format>
<location>/var/log/maillog</location>
</localfile>
<remote>
<connection>secure</connection>
<local_ip>172.17.2.14</local_ip>
<port>1514</port>
</remote>
<rules>
<include>rules_config.xml</include>
<include>pam_rules.xml</include>
<include>sshd_rules.xml</include>
<include>telnetd_rules.xml</include>
<include>syslog_rules.xml</include>
<include>arpwatch_rules.xml</include>
<include>symantec-av_rules.xml</include>
<include>symantec-ws_rules.xml</include>
<include>pix_rules.xml</include>
<include>named_rules.xml</include>
<include>smbd_rules.xml</include>
<include>vsftpd_rules.xml</include>
<include>pure-ftpd_rules.xml</include>
<include>proftpd_rules.xml</include>
<include>ms_ftpd_rules.xml</include>
<include>ftpd_rules.xml</include>
<include>hordeimp_rules.xml</include>
<include>roundcube_rules.xml</include>
<include>wordpress_rules.xml</include>
<include>cimserver_rules.xml</include>
<include>vpopmail_rules.xml</include>
<include>vmpop3d_rules.xml</include>
<include>courier_rules.xml</include>
<include>web_rules.xml</include>
<include>web_appsec_rules.xml</include>
<include>apache_rules.xml</include>
<include>nginx_rules.xml</include>
<include>php_rules.xml</include>
<include>mysql_rules.xml</include>
<include>postgresql_rules.xml</include>
<include>ids_rules.xml</include>
<include>squid_rules.xml</include>
<include>firewall_rules.xml</include>
<include>cisco-ios_rules.xml</include>
<include>netscreenfw_rules.xml</include>
<include>sonicwall_rules.xml</include>
<include>postfix_rules.xml</include>
<include>sendmail_rules.xml</include>
<include>imapd_rules.xml</include>
<include>mailscanner_rules.xml</include>
<include>dovecot_rules.xml</include>
<include>ms-exchange_rules.xml</include>
<include>racoon_rules.xml</include>
<include>vpn_concentrator_rules.xml</include>
<include>spamd_rules.xml</include>
<include>msauth_rules.xml</include>
<include>mcafee_av_rules.xml</include>
<include>trend-osce_rules.xml</include>
<include>ms-se_rules.xml</include>
<!-- <include>policy_rules.xml</include> -->
<include>zeus_rules.xml</include>
<include>solaris_bsm_rules.xml</include>
<include>vmware_rules.xml</include>
<include>ms_dhcp_rules.xml</include>
<include>asterisk_rules.xml</include>
<include>ossec_rules.xml</include>
<include>attack_rules.xml</include>
<include>openbsd_rules.xml</include>
<include>clam_av_rules.xml</include>
<!-- <include>bro-ids_rules.xml</include> -->
<include>dropbear_rules.xml</include>
<include>local_rules.xml</include>
</rules>
<agentless>
<type>ssh_hp_diff</type>
<frequency>86400</frequency>
<host>[email protected]</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_hp_diff</type>
<frequency>86400</frequency>
<host>switch_fim_hp@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_hp_diff</type>
<frequency>600</frequency>
<host>switch_fim_hp@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_hp_diff</type>
<frequency>600</frequency>
<host>switch_fim_hp@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
<agentless>
<type>ssh_pixconfig_diff</type>
<frequency>86400</frequency>
<host>switch_fim@</host>
<state>periodic_diff</state>
<arguments>show conf</arguments>
</agentless>
</ossec_config>
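
Added example, not part of the original thread and not OSSEC code: the thread raises the suspicion that the upgrade damaged ossec.conf and the shared agent.conf, so this Python script checks such a file for unbalanced tags, unexpected top-level sections and values broken across lines. The function name, the two-section allow-list and both sample inputs are assumptions constructed for illustration; OSSEC's own parser may be more lenient than the strict XML parsing used here.

```python
from xml.parsers import expat

# Top-level sections: <ossec_config> in ossec.conf, and one or more
# <agent_config> blocks in the shared agent.conf (assumed allow-list).
ALLOWED_TOP_LEVEL = {"ossec_config", "agent_config"}

# Constructed sample: a path value wrapped across two lines.
WRAPPED = r"""<agent_config os="Windows">
<syscheck>
<frequency>72000</frequency>
<directories check_all="yes">C:\Program
Files/SplunkUniversalForwarder/etc/system/local</directories>
<directories check_all="yes">%WINDIR%/win.ini</directories>
</syscheck>
</agent_config>
<agent_config os="Linux">
<syscheck>
<frequency>72000</frequency>
</syscheck>
</agent_config>
"""

# Constructed sample: <rootcheck> is never closed.
UNCLOSED = """<agent_config>
<rootcheck>
<rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
</agent_config>
"""


def lint_ossec_conf(text):
    """Return sorted (line, message) findings for an OSSEC config string."""
    findings = []
    stack = []  # one [tag, start_line, text_chunks, has_children] per open element
    parser = expat.ParserCreate()

    def start(tag, attrs):
        line = parser.CurrentLineNumber - 1  # minus the synthetic root line
        if len(stack) == 1 and tag not in ALLOWED_TOP_LEVEL:
            findings.append((line, "unexpected top-level element <%s>" % tag))
        if stack:
            stack[-1][3] = True
        stack.append([tag, line, [], False])

    def end(tag):
        name, line, chunks, has_children = stack.pop()
        # Only leaf elements carry a value; a line break inside one is how
        # mail wrapping or a misplaced bracket usually shows up.
        if not has_children and "\n" in "".join(chunks).strip():
            findings.append((line, "value of <%s> spans several lines" % name))

    def chars(data):
        if stack:
            stack[-1][2].append(data)

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    try:
        # agent.conf has several top-level elements, which strict XML
        # forbids, so parse it inside a synthetic root on its own line.
        parser.Parse("<lint_root>\n" + text + "\n</lint_root>", True)
    except expat.ExpatError as err:
        message = "not well-formed: " + expat.ErrorString(err.code)
        findings.append((err.lineno - 1, message))
    return sorted(findings)


if __name__ == "__main__":
    for name, sample in (("WRAPPED", WRAPPED), ("UNCLOSED", UNCLOSED)):
        for line, message in lint_ossec_conf(sample):
            print("%s line %d: %s" % (name, line, message))
```

Line numbers in the findings refer to the file as given, so they can be matched directly against the config on disk before the manager is restarted.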