[prev in list] [next in list] [prev in thread] [next in thread]
List: ossec-list
Subject: Re: [ossec-list] Re: How to change the OSSEC installation directory in windows
From: Victor Fernandez <victor () wazuh ! com>
Date: 2016-09-30 11:25:19
Message-ID: 2f8bf270-c3c0-4696-97b6-c9de2b4e6477 () googlegroups ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi Dustin.
Since OSSEC is installed onto another partition, and I suppose that it
won't be overwritten when you recreate the C: partition, the OSSEC settings
and the key will remain unaltered.
On the other hand, we are working on a Auth version for Windows clients, so
you are able to request a new key to the manager when the system boots or
if you find a connection issue.
Regards.
Victor.
On Thursday, September 29, 2016 at 7:53:26 PM UTC+2, jose wrote:
>
> Hi Dustin
>
> You can use Wazuh API and one PowerShell script.
>
>
> http://blog.wazuh.com/automatically-deploying-ossec-to-windows-using-wazuh-api/
>
> And in our documentation you have the procedure to install Wazuh RESTful
> API
>
> http://documentation.wazuh.com/en/latest/ossec_api.html
>
> I hope this helps.
>
> Regards
> -----------------------
> Jose Luis Ruiz
> Wazuh Inc.
> jo...@wazuh.com <javascript:>
>
> On September 29, 2016 at 12:55:19 PM, Dustin Church (chur...@gmail.com
> <javascript:>) wrote:
>
> Victor,
>
> I currently have 78 servers that will be recreated nightly using a single
> image. I understand that I can install OSSEC to a secondary partition, but
> how do I handle the keys for each server that is created from the image,
> and ensure proper communication after the image is built without having to
> manually enter the server IP and key for the server at boot time?
>
> On Friday, September 23, 2016 at 4:22:59 AM UTC-6, Victor Fernandez wrote:
> >
> > You may follow these steps:
> >
> > 1. Run the OSSEC installer and click "Next" until you reach the
> > screen "Choose the Install Location".
> > 2. Select the directory where you want to install OSSEC in (another
> > disk partition).
> > 3. Finish the installation steps.
> > 4. At this point, OSSEC has been installed into the partition that
> > you chose, but it has be also registered a service on Windows.
> > 5. Now create the Windows C: drive image (which now contains the
> > OSSEC agent service).
> > 6. You can configure the agents independently.
> >
> > Kind regards.
> > Victor.
> >
> >
> >
> > On Thursday, September 22, 2016 at 12:00:29 PM UTC+2, Eero Volotinen
> > wrote:
> > >
> > > How about modifying the installation package?
> > >
> > > Eero
> > >
> > > 2016-09-22 12:56 GMT+03:00 Victor Fernandez <vic...@wazuh.com>:
> > >
> > > > Hi,
> > > >
> > > > when you run the OSSEC installer for Windows, you can choose the
> > > > location where OSSEC will be installed. This shouldn't be a problem.
> > > >
> > > > Since OSSEC registers a background service on Windows, you should first
> > > > install OSSEC into another partition and then create the C:\ drive image.
> > > >
> > > > Hope it helps.
> > > > Best regards.
> > > >
> > > > Victor.
> > > >
> > > >
> > > >
> > > > On Thursday, September 22, 2016 at 10:13:30 AM UTC+2, vikas wrote:
> > > > >
> > > > > Hello all,
> > > > >
> > > > > We have a group of servers where the C:/ drive gets re-imaged daily
> > > > > with a standard image. Since its going to be same image that all the
> > > > > servers use, not sure how to make OSSEC part of that image and avoid
> > > > > agent-server registration issues. So we wanted to install it on a different \
> > > > > drive to avoid the complications, but couldn't find an option to specify
> > > > > custom path for installation. Is it possible?
> > > > >
> > > > > Thank you for your help!
> > > > >
> > > > --
> > > >
> > > > ---
> > > > You received this message because you are subscribed to the Google
> > > > Groups "ossec-list" group.
> > > > To unsubscribe from this group and stop receiving emails from it, send
> > > > an email to ossec-list+...@googlegroups.com.
> > > > For more options, visit https://groups.google.com/d/optout.
> > > >
> > >
> > > --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+...@googlegroups.com <javascript:>.
> For more options, visit https://groups.google.com/d/optout.
>
>
--
---
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. For more options, visit \
https://groups.google.com/d/optout.
[Attachment #5 (text/html)]
<div dir="ltr">Hi Dustin.<br><br>Since OSSEC is installed onto another partition, and \
I suppose that it won't be overwritten when you recreate the C: partition, the \
OSSEC settings and the key will remain unaltered.<br><br>On the other hand, we are \
working on a Auth version for Windows clients, so you are able to request a new key \
to the manager when the system boots or if you find a connection \
issue.<br><br>Regards.<br>Victor.<br><br><br>On Thursday, September 29, 2016 at \
7:53:26 PM UTC+2, jose wrote:<blockquote class="gmail_quote" style="margin: \
0;margin-left: 0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;"><div \
style="word-wrap:break-word"><div \
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">Hi \
Dustin</div><div style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div><div \
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">You \
can use Wazuh API and one PowerShell script.</div><div \
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div><div \
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><a \
href="http://blog.wazuh.com/automatically-deploying-ossec-to-windows-using-wazuh-api/" \
target="_blank" rel="nofollow" \
onmousedown="this.href='http://www.google.com/url?q\x3dhttp%3A%2F%2Fblog.wazuh.com \
%2Fautomatically-deploying-ossec-to-windows-using-wazuh-api%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEHENOcDu2eVhQc2va14qd2o6vHZw';return \
true;" onclick="this.href='http://www.google.com/url?q\x3dhttp%3A%2F%2Fblog.wazuh. \
com%2Fautomatically-deploying-ossec-to-windows-using-wazuh-api%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNEHENOcDu2eVhQc2va14qd2o6vHZw';return \
true;">http://blog.wazuh.com/<wbr>automatically-deploying-ossec-<wbr>to-windows-using-wazuh-api/</a></div><div \
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div><div \
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">And \
in our documentation you have the procedure to install Wazuh RESTful API</div><div \
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div><div \
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><a \
href="http://documentation.wazuh.com/en/latest/ossec_api.html" target="_blank" \
rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\x3dhttp%3A%2F%2 \
Fdocumentation.wazuh.com%2Fen%2Flatest%2Fossec_api.html\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH8612v7SkX8tjxH_VehElF3fwrvQ';return \
true;" onclick="this.href='http://www.google.com/url?q\x3dhttp%3A%2F%2Fdocumentati \
on.wazuh.com%2Fen%2Flatest%2Fossec_api.html\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH8612v7SkX8tjxH_VehElF3fwrvQ';return \
true;">http://documentation.wazuh.<wbr>com/en/latest/ossec_api.html</a></div><div \
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div><div \
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">I \
hope this helps.</div> <br> <div><div style="font-family:'helvetica \
Neue',helvetica;font-size:14px;word-wrap:break-word">Regards</div><div \
style="font-family:'helvetica \
Neue',helvetica;font-size:14px;word-wrap:break-word">-----------------------</div><div \
style="font-family:'helvetica \
Neue',helvetica;font-size:14px;word-wrap:break-word">Jose Luis Ruiz<br>Wazuh \
Inc.<br><a href="javascript:" target="_blank" gdf-obfuscated-mailto="aGdYwWmXCwAJ" \
rel="nofollow" onmousedown="this.href='javascript:';return true;" \
onclick="this.href='javascript:';return \
true;">jo...@wazuh.com</a></div></div> <br><p>On September 29, 2016 at 12:55:19 PM, \
Dustin Church (<a href="javascript:" target="_blank" \
gdf-obfuscated-mailto="aGdYwWmXCwAJ" rel="nofollow" \
onmousedown="this.href='javascript:';return true;" \
onclick="this.href='javascript:';return true;">chur...@gmail.com</a>) \
wrote:</p> <blockquote type="cite"><span><div><div></div><div>
<div dir="ltr">Victor,
<div><br></div>
<div>I currently have 78 servers that will be recreated nightly
using a single image. I understand that I can install OSSEC to a
secondary partition, but how do I handle the keys for each server
that is created from the image, and ensure proper communication
after the image is built without having to manually enter the
server IP and key for the server at boot time?<br>
<br>
On Friday, September 23, 2016 at 4:22:59 AM UTC-6, Victor Fernandez
wrote:
<blockquote class="gmail_quote" style="margin:0;margin-left:0.8ex;border-left:1px \
#ccc solid;padding-left:1ex"> <div dir="ltr">You may follow these steps:<br>
<ol>
<li>Run the OSSEC installer and click "Next" until you reach the
screen "Choose the Install Location".</li>
<li>Select the directory where you want to install OSSEC in
(another disk partition).<br></li>
<li>Finish the installation steps.</li>
<li>At this point, OSSEC has been installed into the partition that
you chose, but it has be also registered a service on Windows.</li>
<li>Now create the Windows C: drive image (which now contains the
OSSEC agent service).</li>
<li>You can configure the agents independently.<br></li>
</ol>
Kind regards.<br>
Victor.<br>
<br>
<br>
<br>
On Thursday, September 22, 2016 at 12:00:29 PM UTC+2, Eero
Volotinen wrote:
<blockquote class="gmail_quote" style="margin:0;margin-left:0.8ex;border-left:1px \
#ccc solid;padding-left:1ex"> <div dir="ltr">
<div>How about modifying the installation package?<br>
<br></div>
Eero<br></div>
<div><br>
<div class="gmail_quote">2016-09-22 12:56 GMT+03:00 Victor
Fernandez <span dir="ltr"><<a rel="nofollow">vic...@wazuh.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"> <div dir="ltr">Hi,<br>
<br>
when you run the OSSEC installer for Windows, you can choose the
location where OSSEC will be installed. This shouldn't be a
problem.<br>
<br>
Since OSSEC registers a background service on Windows, you should
first install OSSEC into another partition and then create the C:\
drive image.<br>
<br>
Hope it helps.<br>
Best regards.<span><font color="#888888"><br>
<br>
Victor.</font></span>
<div>
<div><br>
<br>
<br>
On Thursday, September 22, 2016 at 10:13:30 AM UTC+2, vikas wrote:
<blockquote class="gmail_quote" style="margin:0;margin-left:0.8ex;border-left:1px \
#ccc solid;padding-left:1ex"> <div dir="ltr">Hello all,
<div><br></div>
<div>We have a group of servers where the C:/ drive gets re-imaged
daily with a standard image. Since its going to be same image that
all the servers use, not sure how to make OSSEC part of that image
and avoid agent-server registration issues. So we wanted to install
it on a different drive to avoid the complications, but couldn't
find an option to specify custom path for installation. Is it
possible? </div>
<div><br></div>
<div>Thank you for your help!</div>
</div>
</blockquote>
</div>
</div>
</div>
<div>
<div>--<br>
<br>
---<br>
You received this message because you are subscribed to the Google
Groups "ossec-list" group.<br>
To unsubscribe from this group and stop receiving emails from it,
send an email to <a rel="nofollow">ossec-list+...@googlegroups.<wbr>com</a>.<br>
For more options, visit <a href="https://groups.google.com/d/optout" rel="nofollow" \
target="_blank" onmousedown="this.href='https://groups.google.com/d/optout';return \
true;" onclick="this.href='https://groups.google.com/d/optout';return \
true;">https://groups.google.com/d/<wbr>optout</a>.<br> </div>
</div>
</blockquote>
</div>
<br></div>
</blockquote>
</div>
</blockquote>
</div>
</div>
--<br>
<br>
---<br>
You received this message because you are subscribed to the Google
Groups "ossec-list" group.<br>
To unsubscribe from this group and stop receiving emails from it,
send an email to <a href="javascript:" target="_blank" \
gdf-obfuscated-mailto="aGdYwWmXCwAJ" rel="nofollow" \
onmousedown="this.href='javascript:';return true;" \
onclick="this.href='javascript:';return \
true;">ossec-list+...@<wbr>googlegroups.com</a>.<br>
For more options, visit <a href="https://groups.google.com/d/optout" target="_blank" \
rel="nofollow" onmousedown="this.href='https://groups.google.com/d/optout';return \
true;" onclick="this.href='https://groups.google.com/d/optout';return \
true;">https://groups.google.com/d/<wbr>optout</a>.<br>
</div></div></span></blockquote></div>
</blockquote></div>
<p></p>
-- <br />
<br />
--- <br />
You received this message because you are subscribed to the Google Groups \
"ossec-list" group.<br /> To unsubscribe from this group and stop receiving \
emails from it, send an email to <a \
href="mailto:ossec-list+unsubscribe@googlegroups.com">ossec-list+unsubscribe@googlegroups.com</a>.<br \
/> For more options, visit <a \
href="https://groups.google.com/d/optout">https://groups.google.com/d/optout</a>.<br \
/>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic