Hi, i want to windows file monitoring on every server, can you please help me how to do this? with example please.
Thanks Hardik Joshi 8511113164 On Thu, Jul 11, 2019 at 4:35 PM dan (ddp) <[email protected]> wrote: > On Thu, Jul 11, 2019 at 2:12 AM Hardik Joshi <[email protected]> wrote: > > > > Thanks for information. > > > > I am unable to found agent.conf file in /var/ossec/etc/shared folder. > can you pls provide exact details how to create and configure. > > > > The documentation we currently have for this is pretty sparse. > > Use your favorite text editor to create the file on the OSSEC server. > In that file start with: > > <agent_config> > </agent_config> > > Between those 2 lines, enter your configuration. > For example, to add `/var/test` to the syscheck configuration of all > agents, use: > > <agent_config> > <syscheck> > <directories check_all="yes">/var/test</directories> > </syscheck> > </agent_config> > > Multiple "<agent_config>" blocks can be included in a single agent.conf. > When the agent.conf is modified, the agent's ossec processes will have > to be restarted for it to take effect. > > To limit which agents the configuration applies to, you can add > modifiers to the agent_config line. > There is "os," "name," and "profile" available. > > "os" defines the operating system of the agents the configuration will > apply on. For example you can use "Windows" or "Linux": > <agent_config os="Windows"> > > "name" is the name of an agent. If you want the configuration block to > apply to a specific agent, use this option. > <agent_config name="agent007"> > > "profile" is a descriptive term that you can use to group agents. The > agent "subscribes" to the profile in its ossec.conf. > I haven't used this option in years, so I don't remember how to use it off > hand. > > > > Thanks > > Hardik Joshi > > > > > > Hope this helps. Feel free to watch this space for further updates: > > https://ossec-documentation.readthedocs.io/en/latest/configuration/agent_conf.html > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/CAMyQvMpvgO9ts1LDQMBNAMYZDM4vbfCxzXcc%2BvaCyeADfP_HoQ%40mail.gmail.com > . > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAFjM2gNzHK7q7T%2Btwmp45DQrbAh01fUVhLX_V5ecuBg1ViVWWg%40mail.gmail.com.
