Hi All,
I am very new to OSSEC-HIDS where i was installed on ubuntu , i see alerts
and windows login events .
But i need to check FIM on windows agents so i created manually called
agent.conf (in /var/ossec/etc/shared) but when i make entry here it was not
pushing to available agents.
Note: when i add in agent config by manually any directory or file it
waorking perfectly and alerting & In unbuntu its working as expected in
same location i kept Linux agent config in /var/ossec/etc/shared) .
<agent_config os="Linux">
<localfile>
<location>/home/riggsc/test/test.txt</location>
<log_format>syslog</log_format>
</localfile>
<syscheck>
<directories realtime="yes" report_changes="yes"
check_all="yes">/home/riggsc/test</directories>
</syscheck>
</agent_config>
<agent_config os="Windows">
<localfile>
<location>C:\test</location>
<log_format>syslog</log_format>
</localfile>
<syscheck>
<directories check_all="yes" real_time="yes">C:\test</directories>
<directories check_all="yes" real_time="yes">C:\raj-ossec</directories>
</syscheck>
</agent_config>
Please help
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
