Hi All,
New to this list and I have a question:
Will the agent_config name field accept regex expressions?
I found a post by Daniel Cid with this reference:
/var/log/my.log
syslog
so I was hoping to build a stanza in agent.conf like this:
blah, blah.
to get the prodAB002, prodCD002,
Old thread. Did it end up working out? We're having trouble with the
sockets being on NFS even just restarting ossec on the same host (let alone
on 5).
On Tuesday, June 24, 2014 at 6:17:52 PM UTC+2, Roy Feintuch wrote:
>
> Just saw this thread and wish to add my 2 cents:
> - Syscheck: there is
Hello!
I'm trying to institute some automatic failover for OSSEC and we're using
Amazon's elastic files share as the persistence layer for ossec. Right now
we have the whole /var/ossec directory symlinked to a directory that exists
on the NFS mount.
When we restart the ossec service on the
Hello,
The "ossec/queue" file is actually a socket that *ossec-agentd* creates to
allow *Syscheck* and *Logcollector* to send data. Then *ossec-agentd* delivers
that data to the manager.
When you launched "/usr/local/ossec-hids/bin/ossec-control start", the
application logged that *ossec-execd*