On Wed, Sep 11, 2019 at 7:21 AM Hardik Joshi <[email protected]> wrote:
>
> Hi,
>
> I want to do Windows file monitoring on every server, can you please help me with how
> to do this? With an example, please.
>
syscheck is enabled by default on Windows systems. What changes are you looking to make to the configuration?

> Thanks
> Hardik Joshi
> 8511113164
>
>
> On Thu, Jul 11, 2019 at 4:35 PM dan (ddp) <[email protected]> wrote:
>>
>> On Thu, Jul 11, 2019 at 2:12 AM Hardik Joshi <[email protected]> wrote:
>> >
>> > Thanks for information.
>> >
>> > I am unable to find the agent.conf file in the /var/ossec/etc/shared folder.
>> > Can you please provide exact details on how to create and configure it?
>> >
>>
>> The documentation we currently have for this is pretty sparse.
>>
>> Use your favorite text editor to create the file on the OSSEC server.
>> In that file start with:
>>
>> <agent_config>
>> </agent_config>
>>
>> Between those 2 lines, enter your configuration.
>> For example, to add `/var/test` to the syscheck configuration of all
>> agents, use:
>>
>> <agent_config>
>>   <syscheck>
>>     <directories check_all="yes">/var/test</directories>
>>   </syscheck>
>> </agent_config>
>>
>> Multiple "<agent_config>" blocks can be included in a single agent.conf.
>> When the agent.conf is modified, the agent's ossec processes will have
>> to be restarted for it to take effect.
>>
>> To limit which agents the configuration applies to, you can add
>> modifiers to the agent_config line.
>> There are "os," "name," and "profile" available.
>>
>> "os" defines the operating system of the agents the configuration will
>> apply on. For example you can use "Windows" or "Linux":
>> <agent_config os="Windows">
>>
>> "name" is the name of an agent. If you want the configuration block to
>> apply to a specific agent, use this option.
>> <agent_config name="agent007">
>>
>> "profile" is a descriptive term that you can use to group agents. The
>> agent "subscribes" to the profile in its ossec.conf.
>> I haven't used this option in years, so I don't remember how to use it off
>> hand.
>>
>>
>> > Thanks
>> > Hardik Joshi
>> >
>> >
>>
>> Hope this helps.
>> Feel free to watch this space for further updates:
>> https://ossec-documentation.readthedocs.io/en/latest/configuration/agent_conf.html
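
A lint check for the agent.conf layout described in the quoted reply above, as an added example that is not part of the original thread or of OSSEC: it parses a file holding several `<agent_config>` blocks, lists each block's modifiers and syscheck directories, and flags any modifier other than the three named in the thread. The function name, the sample file and its Windows path are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Modifiers named in the thread; any other attribute on <agent_config> is flagged.
KNOWN_MODIFIERS = {"os", "name", "profile"}

def summarize_agent_conf(text):
    """Return (blocks, problems) for the text of an agent.conf."""
    # Several top-level <agent_config> blocks are allowed, so the file is not
    # a single-rooted XML document; wrap it in a synthetic root to parse it.
    try:
        root = ET.fromstring("<root>" + text + "</root>")
    except ET.ParseError as exc:
        return [], ["not well-formed: %s" % exc]
    blocks, problems = [], []
    for i, el in enumerate(root, start=1):
        if el.tag != "agent_config":
            problems.append("element %d: <%s> outside <agent_config>" % (i, el.tag))
            continue
        unknown = sorted(set(el.attrib) - KNOWN_MODIFIERS)
        if unknown:
            problems.append("block %d: unknown modifier %s" % (i, ", ".join(unknown)))
        # A <directories> element may hold a comma-separated list of paths.
        dirs = [p.strip() for d in el.iter("directories")
                for p in (d.text or "").split(",") if p.strip()]
        # An empty modifier dict means the block applies to all agents.
        blocks.append({"modifiers": dict(el.attrib), "directories": dirs})
    return blocks, problems

# Constructed sample: the first two blocks follow the thread's examples
# (the Windows path is hypothetical); the third misspells a modifier.
SAMPLE = r"""
<agent_config>
  <syscheck><directories check_all="yes">/var/test</directories></syscheck>
</agent_config>
<agent_config os="Windows">
  <syscheck><directories check_all="yes">C:\example\data</directories></syscheck>
</agent_config>
<agent_config hostname="agent007">
  <syscheck><directories check_all="yes">/etc,/usr/bin</directories></syscheck>
</agent_config>
"""

if __name__ == "__main__":
    blocks, problems = summarize_agent_conf(SAMPLE)
    for block in blocks:
        print(block)
    for problem in problems:
        print("PROBLEM:", problem)
```

Running such a check on the server copy before restarting agents catches a mistyped modifier, which would otherwise leave a block scoped differently from what was intended.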
