On Thu, Nov 2, 2017 at 2:12 PM, Eddi Bento <[email protected]> wrote: > Hello. > > I'm trying to set up a proof of concept for OSSEC. It's all set up and > monitoring a few computers, but I can't seem to get the agent.conf file to > push. Originally, I was told to copy the ossec.conf file on the Manager and > remove the Global entries on it. Since then, I've completely killed the > file and created an empty agent.conf that has the following: > > <agent_config name="agent01"> > <localfile> > <location>C:\OSSEC-Test\something.log</location> > <log_format>syslog</log_format> > </localfile> > </agent_config> > > This is only line as I want to get this one file monitored first before I > continue. I save this file and restart OSSEC. > > When I run: > > agent_control -i 002 > > (where 002 is the AgentID for agent01) > > ..it never updates the MD5 Checksum of this file next to Client Version: > OSSEC HIDS v2.9.2 > > Does anyone have an idea on what I'm doing wrong? Is there an place where I > can see in the log that the agent.conf push fails? >
Check permission/ownership in the /var/ossec/etc/shared directory. Check the md5 of the /var/ossec/etc/shared/merged.mg file, see if they match. If they do there is probably a permissions issue preventing it from being unpacked properly. If you turn on debug there might be some logs about it, but not sure. > Regards, > Eddi > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
