On Tue, Oct 25, 2016 at 1:05 PM, Matt wrote:
> I posted the agent ossec.conf on the windows server in my first posting,
> here is how it's presently configured.
>
>
>
>
> 16200
If the agent isn't respecting the frequency in its ossec.conf, this is
a problem.
Unfortunately I don't hav
I posted the agent ossec.conf on the windows server in my first posting,
here is how it's presently configured.
16200
yes
no
no
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this gr
On Tue, Oct 25, 2016 at 12:29 PM, Matt wrote:
> It's my understanding it needed to be configure don the agent? Following is
What needed to be configured on the agent? Which specific settings
were you referencing in your previous email?
Some settings get set on the agent, some on the server. Which
It's my understanding it needed to be configure don the agent? Following is
anything I can see as remotely pertinent in the Ossec.conf file on the
OSSEC server. I'm not including sections referencing the rules and
directories to monitor and ignore (which I didn't modify).
yes
5000
On Tue, Oct 25, 2016 at 11:03 AM, Matt wrote:
> I can definitely confirm that the FIM scan ISN'T paying attention to the
> ossec.conf file on the Windows agent. Instead it is running based off the
> config of the OSSEC Master server. Pasting in config from windows agent.
> And I did add the new f
I can definitely confirm that the FIM scan ISN'T paying attention to the
ossec.conf file on the Windows agent. Instead it is running based off the
config of the OSSEC Master server. Pasting in config from windows agent.
And I did add the new file and ignore flag to the master, just didn't
remo
I can not definitely confirm that the FIM scan ISN'T paying attention to
the ossec.conf file on the Windows agent. Instead it is running based off
the config of the OSSEC Master server. Pasting in config from windows
agent. And I did add the new file and ignore flag to the master, just
didn't
On Oct 19, 2016 12:08 PM, "Matt" wrote:
>
> Thank you both, I appreciate it.
>
> I added the config to the global file instead of the local file.
>
> So, I think realtime is behaving now, but not the rest. It's my
understanding the scan frequency for the agent is set on the agent, not the
global l
On Fri, Oct 14, 2016 at 5:52 PM, Matt wrote:
> Realtime monitoring seems to be working now that I've adjusted the scan
> frequency. Earlier the scan frequency was 4 hours, then 10 minutes. It's now
> 20 minutes and realtime now seems to work. I don't claim it makes sense,
> it's just what I'm obse