On Fri, Jan 5, 2018 at 4:06 PM, <[email protected]> wrote:
> Hello All
>
> I have figured that I need to have profiles.
>
> I know what I need to do in the ossec.conf file on the agent server.
>
> What do I need to change on my master server. Do I create multiple
> agent.conf files and within there declare what I want to be watched.
>

There should be 1 agent.conf on the OSSEC server in /var/ossec/etc/shared.
All of the configurations will be saved there, and each agent will receive
all of the configurations. Each agent will only use the configurations it
has been configured to use.

> I hope I am making sense cause this is the last step for me before I start a
> roll out.
>
> I need to make sure that the master server which would contain all agent
> config.
>
> Any help would be great please
>
> Thanks
> Chuck
>
> On Friday, January 5, 2018 at 10:14:08 AM UTC-5, [email protected]
> wrote:
>>
>> Hello All
>>
>> I have a simple question and excuse me cause I am a NOOB with OSSEC.
>>
>> My question is about centralized agent Configuration.
>>
>> 1. Can you use a wild card for the agent name in the agent.conf ?
>>
>> 2. Why is this needed in the agent.conf file
>> <location>/var/log/my.log2</location>
>>
>> 3. How do you designate the correct agent.conf file to use for the
>> different type of servers, I am all linux shop but I am looking at
>> monitoring directories for my DB's and Webservers.
>>
>> I have not been able to find and get a grasp on this.
>>
>> Any help would be great !!
>>
>> Thanks
>> Chuck

--
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
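
The single shared agent.conf described in the reply above, sketched for the web and DB server case raised in the thread. This is an added example, not configuration posted by anyone in the thread; the profile names, monitored paths and server address are constructed for illustration.

```xml
<!-- Server side: /var/ossec/etc/shared/agent.conf
     One file, pushed to every agent. Each agent applies only the
     <agent_config> blocks whose attributes match it. -->

<!-- Applied only by agents that declare the "web" profile
     (profile name and paths are constructed examples) -->
<agent_config profile="web">
  <syscheck>
    <directories check_all="yes">/var/www</directories>
  </syscheck>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/httpd/access_log</location>
  </localfile>
</agent_config>

<!-- Applied only by agents that declare the "db" profile -->
<agent_config profile="db">
  <syscheck>
    <directories check_all="yes">/etc/mysql</directories>
  </syscheck>
  <localfile>
    <log_format>mysql_log</log_format>
    <location>/var/log/mysql/error.log</location>
  </localfile>
</agent_config>

<!-- Applied by every Linux agent, whatever its profile -->
<agent_config os="Linux">
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>
</agent_config>

<!-- Agent side: /var/ossec/etc/ossec.conf on a web server.
     This is a separate file, shown here for comparison.
     192.0.2.10 is a placeholder server address. -->
<ossec_config>
  <client>
    <server-ip>192.0.2.10</server-ip>
    <config-profile>web</config-profile>
  </client>
</ossec_config>
```

Running /var/ossec/bin/verify-agent-conf on the server checks the shared file's syntax before agents pick it up.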
