ossec.conf: Client Options

Overview

Supported types

client options are available in the the following installation types:

• agent

Location

All client options must be configured in the /var/ossec/etc/ossec.conf and used within the <ossec_config> tag.

XML excerpt to show location:

<ossec_config>
    <client>
        <!--
        client options here
        -->
    </client>
</ossec_config>

Options

• server-ip

  Specify the IP address of the analysis server

  Allowed: Any Valid IP Address

• server-hostname

  Specify the hostname of the analysis server

  Allowed: Any Valid hostname

• port

  Specifies the port to send the events (must be the same to the one used by the analysis server).

  Default: 1514

  Allowed: Any port number from 1 to 65535

• config-profile

  Specifies the agent.conf profiles to be used by the agent. Multiple profiles can be included, separated by a comma and a space.

  Example:

  <client>
    <config-profile>webserver, lowmemory</config-profile>
  </client>
  

• notify_time

  Specifies the time in seconds between information messages sent by the agents to the server.

• time-reconnect

  Time in seconds until a reconnection attempt. This should be set to a higher number than notify_time.

• crypto_method

  Specifies the encryption method to use for communication with the manager.

  Default: aes

  Allowed: aes, blowfish