• Support
  • Forums
  • Blogs

SYSCHECKS config is not propagating to agents

anton-lganton-lg

New Life Form
Hi - I have the latest USM 4.13 and I just rolled out a bunch of linux HIDS agents.  They are all communicating fine with the server, catching events.  However, if you go to Environment -> Detection -> HIDS -> Agents - SYSCHECKS - I would like to add a few directories to monitor and from the GUI looks like I did, and it saved.  However after I go to the agents (say 1 day later) and look in the /var/ossec/etc/ossec-agent.conf I do not see these directories being added.

So question - do I add them manually from linux, or is the page SYSCHECKS supposed to take care of it but does not?

Share post:

Best Answer

  • Answer ✓
    Looks like the AV server pushes config file to HIDS once HIDS agent restarts, without actually updating the local ossec-agent.conf file.  Evidenced in the logs.

    Solved.
Sign In or Register to comment.