Manual: agent_control tool http://www.ossec.net/main/manual/manual-agent_control-tool/

Manual: agent_control tool


This tool allows you to query and get information from any agent you have configured on your server and
it also allows you to restart (run now) the syscheck/rootcheck scan on any agent.

How does it work? The first useful option is “-lc”, which lists the connected (active) agents. To list all
of them, active or not, use “-l” only.

Example 1: Listing all active agents:

# /var/ossec/bin/agent_control -lc
OSSEC HIDS agent_control. List of available agents:
ID: 000, Name: enigma.ossec.net (server), IP: 127.0.0.1, Active/Local
ID: 002, Name: winhome, IP: 192.168.2.190, Active
ID: 005, Name: jul, IP: 192.168.2.0/24, Active
ID: 165, Name: esqueleto2, IP: 192.168.2.99, Active
ID: 174, Name: lili3win, IP: 192.168.2.0/24, Active
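
The listing format above can be checked automatically. The following is an added example, not part of the original manual or of OSSEC itself: a shell function (hypothetical name `inactive_agents`) that reads “-l” output and reports every agent whose status is not Active. The sample listing is constructed, and its non-active status strings are assumptions, since the page only shows Active entries.

```shell
#!/bin/sh
# Added example: report agents that an `agent_control -l` listing does not
# show as Active. Reads the listing on stdin and prints one line per
# non-active agent in the form "id|name|ip|status".
inactive_agents() {
    # Keep only "ID: ..., Name: ..., IP: ..., <status>" lines (the banner and
    # anything else is dropped) and split them into |-separated fields.
    sed -n -E 's/^ID: ([0-9]+), Name: (.*), IP: ([^,]+), (.*[^[:space:]])[[:space:]]*$/\1|\2|\3|\4/p' |
    awk -F'|' '
        # The last field is the status. "Active" and "Active/Local" (the
        # server itself) are healthy; everything else is reported.
        $NF !~ /^Active/ { print }
    '
}

# Constructed sample in the format of Example 1 (not real output).
# "Disconnected" and "Never connected" are assumed status strings.
sample_listing='OSSEC HIDS agent_control. List of available agents:
ID: 000, Name: enigma.ossec.net (server), IP: 127.0.0.1, Active/Local
ID: 002, Name: winhome, IP: 192.168.2.190, Active
ID: 005, Name: jul, IP: 192.168.2.0/24, Disconnected
ID: 174, Name: lili3win, IP: 192.168.2.0/24, Never connected'

printf '%s\n' "$sample_listing" | inactive_agents

# On the OSSEC server itself:
#   /var/ossec/bin/agent_control -l | inactive_agents
```

An agent that stops reporting is a monitoring gap, so the output of this check is worth sending to whoever watches the server, for example from a scheduled job.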

To query an agent, just use the “-i” option followed by the agent id.

Example 2: Querying information from agent 002:

# /var/ossec/bin/agent_control -i 002

OSSEC HIDS agent_control. Agent information:


Agent ID: 002
Agent Name: winhome
IP address: 192.168.2.190
Status: Active

Operating system: Microsoft Windows XP Professional (Build 2600)


Client version: OSSEC HIDS v1.5-SNP-080412
Last keep alive: Fri Apr 25 14:33:03 2008

Syscheck last started at: Fri Apr 25 05:07:13 2008


Rootcheck last started at: Fri Apr 25 09:04:12 2008

To execute the syscheck/rootcheck scan immediately, use the “-r” option followed by “-u” and the
agent id.

Example 3: Executing syscheck and rootcheck scan immediately:


# /var/ossec/bin/agent_control -r -u 000

OSSEC HIDS agent_control: Restarting Syscheck/Rootcheck locally.

For more information, just run it with the “-h” option:

# /var/ossec/bin/agent_control -h

OSSEC HIDS agent_control: Control remote agents.


Available options:
-h This help message.
-l List available (active or not) agents.
-lc List active agents.
-i Extracts information from an agent.
-r -a Runs the integrity/rootkit checking on all agents now.
-r -u Runs the integrity/rootkit checking on one agent now.

-s Changed the output to CSV (comma delimited).

All Content © 2008,2009 Third Brigade, Inc.
