OSSEC syscheck on defined Agent

35 views
Skip to first unread message

amar haq

unread,
Nov 14, 2017, 8:53:56 AM11/14/17
to ossec-list
Dear All

Could OSSEC perform syscheck for File Integration Monitoring on specific agent. let's say I have 5 servers.Server A,B,C,D,E.
on server A , I just want to monitor /var/www/html/Demo/demo.db.
on server B, i want to monitor only /ngingx/index.html.
on Server C, i want to monitor /var/www/html/XYZ.xx, etc


could you help me? because I read that Active rsponse have <agent_id> tag to define specific agent.

thankyou.
Amar.

Leroy Tennison

unread,
Dec 1, 2017, 4:45:56 PM12/1/17
to ossec-list
You need to clarify, are these servers agents?  If so then you need to look into config-profile for the agent configuration.  Define different profiles in the manager's /var/ossec/etc/shared/agent.conf and specify the appropriate profile for the agent it it's ossec.conf using config-profile.

dan (ddp)

unread,
Dec 3, 2017, 4:25:27 PM12/3/17
to ossec...@googlegroups.com
On Tue, Nov 14, 2017 at 8:53 AM, amar haq <amar...@gmail.com> wrote:
> Dear All
>
> Could OSSEC perform syscheck for File Integration Monitoring on specific
> agent. let's say I have 5 servers.Server A,B,C,D,E.
> on server A , I just want to monitor /var/www/html/Demo/demo.db.

In server A's ossec.conf, include a <directories> entry for this.

> on server B, i want to monitor only /ngingx/index.html.

On server B, include a <directories> entry for this.

> on Server C, i want to monitor /var/www/html/XYZ.xx, etc

On server C include a <directories> entry for this.

Alternatively, you can include these in the agent.conf. There is a way
to limit it to specific agents, but I can't remember the specifics off
hand.

>
>
> could you help me? because I read that Active rsponse have <agent_id> tag to
> define specific agent.
>

I'm not sure what active response has to do with the syscheck questions.

> thankyou.
> Amar.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-list+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

amar haq

unread,
Dec 6, 2017, 11:06:20 PM12/6/17
to ossec-list
Thanks Dan.. its really help.
Reply all
Reply to author
Forward
0 new messages