Ignore ossec.conf and use only agent.conf

[Cláudio Lopes]

Hello guys,

I hope all you are good.

I need know if have any way  for ignore default config in ossec.conf and use just config centralized in agent.conf.

I have many agents with configure default, but i would like know if has any way to config it without erase config ossec.conf each agent.

Thanks 

[Bin Do Tuan Anh]

Hi, 

Please let me know what configuration you would want to ignore. 

The Centralized configuration will overwrite the agent's configuration in case they are conflicting with each other. 

So it is possible to use agent.conf to overwrite default agent's configuration that you do not need. For example, for FIM you can set the <ignore> tag. There are some configurations (like Vulnerability Detection) can be disabled/enabled with the specific tag. For Log Collection you can "break" the monitoring by setting the wrong <log_format> (for example instead of syslog - you change it to json, and vice versa). 

Please let me know if you have any questions. 

Best regards,

Bin.