Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ############################################################
- #
- # Splunk for OSSEC server configuration
- #
- ############################################################
- #
- # Fields:
- # [title] : Section header will also be used as the hostname
- # '_local' can be used as a macro to automatically
- # fill in the system's unqualified hostname
- # DISABLED : Boolean. If True, stanza will be ignored.
- # AGENT_CONTROL : Command-line to run manage_agents without a password prompt
- # MANAGE_AGENTS : Command-line to run agent_control -l without a password prompt
- #
- #
- # Local server, with automatically determined hostname
- # Uncomment the second line to enable agent management.
- #
- [_local]
- AGENT_CONTROL = sudo /var/ossec/bin/agent_control -l
- MANAGE_AGENTS = sudo /var/ossec/bin/manage_agents
- ###
- ### Local server, with explicitly set name
- ###
- #[myhostname]
- #MANAGE_AGENTS = sudo /var/ossec/bin/manage_agents
- #AGENT_CONTROL = sudo /var/ossec/bin/agent_control -l
- ###
- ### Remote server, with SSH key-based authentication and sudo
- ###
- #[remoteservername]
- #MANAGE_AGENTS = sudo /var/ossec/bin/manage_agents
- #AGENT_CONTROL = ssh nossec -t -l splunk -i /etc/splunk-poller/id_splunk sudo /var/ossec/bin/agent_control -l
- [s_3_118]
- AGENT_CONTROL = ssh -t 192.168.3.118 -l ossec_for_splunk 'sudo /var/ossec/bin/agent_control -l'
- MANAGE_AGENTS = ssh -t 192.168.3.118 -l ossec_for_splunk 'sudo /var/ossec/bin/manage_agents'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement