On Aug 22, 2017 11:55 AM, "Leroy Tennison" <[email protected]> wrote:
Thank you for your reply, sadly, that's exactly what I've done (doubled up). I'll go fix that. Correct me if I'm wrong but, from your reply, it appears that I need to examine both the manager's agent.conf as well as the agent's ossec.conf to determine the "effective" configuration. That is correct. Unfortunately that would be correct in any conceivable scenario I can come up with. At best you can minimize the ossec.conf and utilize the agent.conf as much as possible. On Monday, August 21, 2017 at 5:40:53 PM UTC-5, dan (ddpbsd) wrote: > > > > On Aug 21, 2017 4:39 PM, "Leroy Tennison" <[email protected]> wrote: > > I have added to /var/ossec/etc/shared/agent.conf a profile for a class of > machine and updated the agent's ossec.conf with the config-profile in the > <client> block. > > Do I need to remove the <syscheck>, <rootcheck> and all <localfile> > entries on the client or will the manager simply override them? Is the > result "either (the manager configuration)/or (the agent configuration)" or > cumulative (both components apply? > > > Cumulative. All options are applied. It is important syscheck entries are > not doubled up. > > Changing the agent.conf to over-riding ossec.conf options is something I > am interesred in, but javen't had time for. > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
