subject:"\[ossec\-list\] Removing agent by deleting line in client.keys\?"

Re: [ossec-list] Removing agent by deleting line in client.keys?

2016-02-23 Thread Barry Kaplan

Ok, thanks Pedro. I have changed the role to use 'manage_agents -r' and to 
restart the ossec server. Much nicer.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] Removing agent by deleting line in client.keys?

2016-02-23 Thread Pedro S

Hi Barry,

You can run manage_agents with option "-r" and it will remove an agent, so 
you can create some scripts to automatize the process.

/var/ossec/bin/manage_agents -r AGENTID

OSSEC has internally a hash table with client.keys table, removing manually 
from client.keys or using manage_agents -r in both cases you will need to 
restart OSSEC Manager to apply changes.

On Monday, February 22, 2016 at 7:21:57 AM UTC+1, Barry Kaplan wrote:
>
> Thanks! Of course it would be much nicer manage_agents was a little nicer 
> to automation...
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] Removing agent by deleting line in client.keys?

2016-02-21 Thread Barry Kaplan

Thanks! Of course it would be much nicer manage_agents was a little nicer 
to automation...

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] Removing agent by deleting line in client.keys?

2016-02-21 Thread Santiago Bassett

Short answer yes, deleting it from client.keys is enough.

On the other hand, although it is not necessary, there are also some
residual files you might want to delete as well. Those are in
/var/ossec/queue/rids (message counters), /var/ossec/queue/syscheck (fim
database), /var/ossec/queue/rootcheck (rootchecks database) and
/var/ossec/queue/agent-info. Look for the files specific to your agent, do
not delete everything in those directories.

Best


On Sun, Feb 21, 2016 at 6:59 AM, Barry Kaplan  wrote:

> Can I remove a registered agent by simply deleting the line in
> client.keys? That is, skipping the manage_agents program?
>
> I am just adding the last few edge cases to our ansible provisioning of
> ossec. My current edge case is when an
> instance has been destroyed and rebuilt. In this case the name would be
> the same but the IP address will
> almost certainly be different (this is on AWS).
>
> It would be way way easier to remove the line from client.keys that figure
> out to automate manage_agents.
> It seems that the environment variable mechanism does not support removing
> agents.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ossec-list] Removing agent by deleting line in client.keys?

2016-02-21 Thread Barry Kaplan

Can I remove a registered agent by simply deleting the line in client.keys? 
That is, skipping the manage_agents program?

I am just adding the last few edge cases to our ansible provisioning of 
ossec. My current edge case is when an
instance has been destroyed and rebuilt. In this case the name would be the 
same but the IP address will
almost certainly be different (this is on AWS). 

It would be way way easier to remove the line from client.keys that figure 
out to automate manage_agents.
It seems that the environment variable mechanism does not support removing 
agents.

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ossec-list] Removing agent by deleting line in client.keys?

Re: [ossec-list] Removing agent by deleting line in client.keys?

Re: [ossec-list] Removing agent by deleting line in client.keys?

Re: [ossec-list] Removing agent by deleting line in client.keys?

[ossec-list] Removing agent by deleting line in client.keys?

5 matches

Site Navigation

Mail list logo

Footer information