[prev in list] [next in list] [prev in thread] [next in thread]
List: ossec-list
Subject: RE: [ossec-list] How can I assign a monitor directory per agent id in OSSEC Windows?
From: Don Hall <dhall () rmscollects ! com>
Date: 2019-02-05 17:51:13
Message-ID: CB14D3FABBEEDC4A8F5FB6DD50A9A399244BC3 () ORD2MBX05E ! mex05 ! mlsrvr ! com
[Download RAW message or body]
Thanks for your response.
We are doing it through Syscheck.
We appreciate your time and effort for the response.
Don Hall
-----Original Message-----
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of \
dan (ddp)
Sent: Friday, February 01, 2019 6:30 AM
To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] How can I assign a monitor directory per agent id in OSSEC \
Windows?
On Fri, Feb 1, 2019 at 7:28 AM dan (ddp) <ddpbsd@gmail.com> wrote:
>
> On Mon, Jan 21, 2019 at 4:44 PM Don Hall <dhall@rmscollects.com> wrote:
> >
> > I am configuring OSSEC and have to monitor different agents, residing on \
> > different servers.
> >
> >
> > How can I define the directories to monitor for every agent id or every server \
> > that OSSEC is monitoring,
> > In my environment?
> >
> >
>
> Syscheck or log collector?
>
After thinking about it, I guess this only makes sense for syscheck.
So in the <syscheck> section, add:
<directories check_all="yes">DIRECTORY1,DIRECTORY2,DIRECTORY3</directories>
in the ossec.conf and restart the ossec processes.
> >
> > If you could please send config file snippets or ossec.conf examples that do \
> > such,
> > It would be a great template, to use for the multiple agents.
> >
> >
> >
> > Regards,
> >
> >
> >
> >
> >
> > Don Hall
> >
> > Network Admin
> >
> > RMS
> >
> >
> >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups \
> > "ossec-list" group. To unsubscribe from this group and stop receiving emails from \
> > it, send an email to ossec-list+unsubscribe@googlegroups.com. For more options, \
> > visit https://groups.google.com/d/optout.
--
---
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. For more options, visit \
https://groups.google.com/d/optout.
--
---
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. For more options, visit \
https://groups.google.com/d/optout.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic