On Fri, Dec 14, 2018 at 5:17 PM Pruthvi Raj <[email protected]> wrote:
>
> Hi All,
>
> I am very new to OSSEC-HIDS, which I installed on Ubuntu; I see alerts
> and Windows login events.
>
> But I need to check FIM on Windows agents, so I manually created a file called
> agent.conf (in /var/ossec/etc/shared), but when I make an entry here it is not
> pushed to the available agents.
>
Check the ossec.log of the agent you're trying to push to. It may contain
hints as to what is happening. Also, check the contents of merged.mg on the
agent. It's a plain text file and should contain the contents of the
agent.conf file.

> Note: when I manually add any directory or file in the agent config, it is
> working perfectly and alerting. On Ubuntu it is working as expected; I kept
> the Linux agent config in the same location (/var/ossec/etc/shared).
>
> <agent_config os="Linux">
>   <localfile>
>     <location>/home/riggsc/test/test.txt</location>
>     <log_format>syslog</log_format>
>   </localfile>
>   <syscheck>
>     <directories realtime="yes" report_changes="yes" check_all="yes">/home/riggsc/test</directories>
>   </syscheck>
> </agent_config>
>
> <agent_config os="Windows">
>   <localfile>
>     <location>C:\test</location>
>     <log_format>syslog</log_format>
>   </localfile>
>   <syscheck>
>     <directories check_all="yes" real_time="yes">C:\test</directories>
>     <directories check_all="yes" real_time="yes">C:\raj-ossec</directories>
>   </syscheck>
> </agent_config>
>
> Please help
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
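
The merged.mg check suggested in the reply above, as an added example that is not part of the original thread and is not OSSEC's own code. It assumes merged.mg stores each shared file as a header line "!<size> <name>" followed by that many bytes of content; the function names and the sample data are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

def unmerge(merged: bytes) -> dict:
    """Split merged.mg into {name: content}.

    Assumed layout: each file is a header line '!<size> <name>' followed
    by exactly <size> bytes of content.
    """
    files, pos = {}, 0
    while pos < len(merged):
        eol = merged.find(b"\n", pos)
        if eol == -1:
            break
        header = re.fullmatch(rb"!(\d+) (\S+)", merged[pos:eol])
        pos = eol + 1
        if header:  # lines that are not entry headers are skipped
            size = int(header.group(1))
            files[header.group(2).decode()] = merged[pos:pos + size]
            pos += size
    return files

def check_push(manager_conf: bytes, merged: bytes) -> list:
    """Return a list of problems; an empty list means the push looks intact."""
    pushed = unmerge(merged).get("agent.conf")
    if pushed is None:
        return ["agent.conf is not in merged.mg"]
    problems = []
    if pushed != manager_conf:
        problems.append("agent.conf in merged.mg differs from the manager copy")
    try:
        # agent.conf holds several top-level <agent_config> blocks, so wrap it.
        root = ET.fromstring(b"<root>" + pushed + b"</root>")
    except ET.ParseError as exc:
        return problems + [f"agent.conf is not well-formed XML: {exc}"]
    if not list(root.iter("agent_config")):
        problems.append("no <agent_config> block found")
    return problems

def entry(name: bytes, data: bytes) -> bytes:
    """Build one merged.mg entry (used only for the constructed sample)."""
    return b"!%d %s\n" % (len(data), name) + data

# Constructed sample data, modelled on the Windows block quoted above.
CONF = rb"""<agent_config os="Windows">
  <syscheck>
    <directories check_all="yes">C:\test</directories>
  </syscheck>
</agent_config>
"""
MERGED = entry(b"other.txt", b"constructed\n") + entry(b"agent.conf", CONF)

if __name__ == "__main__":
    print(check_push(CONF, MERGED) or "agent.conf was pushed intact")
```

To use it on real files, read the manager's agent.conf and the agent's merged.mg in binary mode and pass both to check_push.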
