On Thu, May 30, 2019 at 1:41 PM Kris Springer <[email protected]> wrote: > > I've got Windows Ossec agents figured out, but I can't seem to find any good > instructions on how to configure Linux agents. > > I installed the ossec agent on one of my linux boxes (ubuntu server) as > instructed here. > https://www.ossec.net/downloads/#apt-automated-installation-on-ubuntu-and-debian > > wget -q -O - https://updates.atomicorp.com/installers/atomic | sudo bash > > sudo apt update > > sudo apt-get install ossec-hids-agent > > > That seemed to install fine, but where do I define the server and enter the > agent key? And how do I start the agent? > The documentation found here isn't very helpful. > https://www.ossec.net/docs/ > > I found a 'sample' ossec.conf file in /var/ossec/etc/ > Is that what I'm supposed to edit? > > service ossec status shows it's 'inactive'. Am I supposed to manually start > it? > > The documentation seems inadequate. Can someone please give me some > specifics? >
The configuration is in `/var/ossec/etc/ossec.conf` Add a key with `/var/ossec/bin/manage_agents` or with `/var/ossec/bin/agent-auth` Sorry about the documentation, I've been busy. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/d58a0a9c-1c79-4e64-b922-a43066a4a280%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAMyQvMr3orx2Aj67MOpGBFpa1sBnQvrSA4GhDYoruLvXrPMvQg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
