############################################################
#
# Splunk for OSSEC server configuration
#
############################################################
#
# Fields:
#    [title]        : Section header will also be used as the hostname
#                       '_local' can be used as a macro to automatically
#			fill in the system's unqualified hostname
#    DISABLED       : Boolean. If True, stanza will be ignored.
#    AGENT_CONTROL  : Command-line to run manage_agents without a password prompt
#    MANAGE_AGENTS  : Command-line to run agent_control -l without a password prompt
#



#
# Local server, with automatically determined hostname
# Uncomment the second line to enable agent management.
#

[_local]
AGENT_CONTROL = sudo /var/ossec/bin/agent_control -l
MANAGE_AGENTS = sudo /var/ossec/bin/manage_agents




###
### Local server, with explicitly set name
###
#[myhostname]
#MANAGE_AGENTS = sudo /var/ossec/bin/manage_agents
#AGENT_CONTROL = sudo /var/ossec/bin/agent_control -l



###
### Remote server, with SSH key-based authentication and sudo
###
#[remoteservername]
#MANAGE_AGENTS = sudo /var/ossec/bin/manage_agents
#AGENT_CONTROL = ssh nossec -t -l splunk -i /etc/splunk-poller/id_splunk sudo /var/ossec/bin/agent_control -l

[s_3_118]
AGENT_CONTROL = ssh -t 192.168.3.118 -l ossec_for_splunk 'sudo /var/ossec/bin/agent_control -l'
MANAGE_AGENTS = ssh -t 192.168.3.118 -l ossec_for_splunk 'sudo /var/ossec/bin/manage_agents'