'RE: [ossec-list] How can I assign a monitor directory per agent id in OSSEC Windows?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ossec-list
Subject:    RE: [ossec-list] How can I assign a monitor directory per agent id in OSSEC Windows?
From:       Don Hall <dhall () rmscollects ! com>
Date:       2019-02-05 17:51:13
Message-ID: CB14D3FABBEEDC4A8F5FB6DD50A9A399244BC3 () ORD2MBX05E ! mex05 ! mlsrvr ! com
[Download RAW message or body]

Thanks for your response.
We are doing it through Syscheck.
We appreciate your time and effort for the response.


Don Hall


-----Original Message-----
From: ossec-list@googlegroups.com [mailto:ossec-list@googlegroups.com] On Behalf Of \
                dan (ddp)
Sent: Friday, February 01, 2019 6:30 AM
To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] How can I assign a monitor directory per agent id in OSSEC \
Windows?

On Fri, Feb 1, 2019 at 7:28 AM dan (ddp) <ddpbsd@gmail.com> wrote:
> 
> On Mon, Jan 21, 2019 at 4:44 PM Don Hall <dhall@rmscollects.com> wrote:
> > 
> > I am configuring OSSEC and have to monitor different agents, residing on \
> > different servers. 
> > 
> > 
> > How can I define the directories to monitor for every agent id or every server \
> > that OSSEC is monitoring, 
> > In my environment?
> > 
> > 
> 
> Syscheck or log collector?
> 

After thinking about it, I guess this only makes sense for syscheck.

So in the <syscheck> section, add:
<directories check_all="yes">DIRECTORY1,DIRECTORY2,DIRECTORY3</directories>
in the ossec.conf and restart the ossec processes.

> > 
> > If you could please send config file snippets or ossec.conf examples that do \
> > such, 
> > It would be a great template, to use for the multiple agents.
> > 
> > 
> > 
> > Regards,
> > 
> > 
> > 
> > 
> > 
> > Don Hall
> > 
> > Network Admin
> > 
> > RMS
> > 
> > 
> > 
> > --
> > 
> > ---
> > You received this message because you are subscribed to the Google Groups \
> > "ossec-list" group. To unsubscribe from this group and stop receiving emails from \
> > it, send an email to ossec-list+unsubscribe@googlegroups.com. For more options, \
> > visit https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. For more options, visit \
https://groups.google.com/d/optout.

-- 

--- 
You received this message because you are subscribed to the Google Groups \
"ossec-list" group. To unsubscribe from this group and stop receiving emails from it, \
send an email to ossec-list+unsubscribe@googlegroups.com. For more options, visit \
https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic