Imported Upstream version 2.3
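<!-- OSSEC example agent configuration.
     Every value below is an example; review each section before deploying. -->

<ossec_config>
  <!-- Manager this agent reports to. 192.168.10.100 is the example address
       shipped with this file and must be replaced with the real manager IP. -->
  <client>
    <server-ip>192.168.10.100</server-ip>
  </client>

  <syscheck>
    <!-- Frequency that syscheck is executed, in seconds (default every 2 hours).
         A modified file can go unreported for up to one full interval. -->
    <frequency>7200</frequency>

    <!-- Directories to check (perform all possible verifications).
         Only the paths listed here are monitored. Anything installed elsewhere
         on the host is outside integrity checking until it is added. -->
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>

    <!-- Files/directories to ignore.
         Changes under these paths are never reported by syscheck, so keep the
         list short and justify each entry.
         NOTE(review): /etc/hosts.deny is presumably listed because the OSSEC
         host-deny active response rewrites it. The trade-off is that any other
         edit to that file also goes unreported. Confirm this is acceptable. -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>
  </syscheck>

  <!-- Rootcheck signature databases. Both files live under /var/ossec/etc/shared;
       detection is only as current as these lists.
       NOTE(review): verify who can write to that directory on the agent. -->
  <rootcheck>
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>

  <!-- Log files to collect. The list mixes locations used by different Unix
       variants (for example /var/log/authlog and /var/log/secure), so a given
       host will normally have only some of them. Check that the file actually
       carrying authentication events on this host is listed. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/authlog</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/xferlog</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/maillog</location>
  </localfile>

  <!-- Web server logs, parsed with the apache log format. -->
  <localfile>
    <log_format>apache</log_format>
    <location>/var/www/logs/access_log</location>
  </localfile>

  <localfile>
    <log_format>apache</log_format>
    <location>/var/www/logs/error_log</location>
  </localfile>
</ossec_config>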