Академический Документы
Профессиональный Документы
Культура Документы
OSSECAgentInstallationinwindowsStepbyStep
OSSECAgentInstallationinwindowsStepbyStep
InstallingOSSECagentinaWindowsserver
Step1
CreateanewOSSECkeyfortheagentfromtheServer
Step2
manage_agentsontheOSSECserver
Theserverversionofmanage_agentsprovidesaninterfaceto:
addanOSSECagenttotheOSSECserver
extractthekeyforanagentalreadyaddedtotheOSSECserver
removeanagentfromtheOSSECserver
listallagentsalreadyaddedtotheOSSECserver.
Step3:
Toaddanagenttypethebelowcommand
/var/ossec/bin/manage_agents
Themanage_agentsmenu:
****************************************
*OSSECHIDSv2.5SNP100809Agentmanager.*
*Thefollowingoptionsareavailable:*
***************************************
(A)ddanagent(A).
(E)xtractkeyforanagent(E).
(L)istalreadyaddedagents(L).
(R)emoveanagent(R).
(Q)uit.
Chooseyouraction:A,E,L,RorQ:
Typetheletterandhitenterwillinitiatethatfunction.
Step4:
Addinganagent
Toaddanagenttypeainthestartscreen:
http://parthicloud.com/ossecagentinstallationinwindowsstepbystep/
1/3
4/26/2016
OSSECAgentInstallationinwindowsStepbyStep
Chooseyouraction:A,E,L,RorQ:A
Youarethenpromptedtoprovideanameforthenewagent.Thiscanbethehostnameoranother
stringtoidentifythesystem.Inthisexampletheagentnamewillbeagent1.
Addinganewagent(use'\q'toreturntothemainmenu).
Pleaseprovidethefollowing:*Anameforthenewagent:agent1
AfterthatyouhavetospecifytheIPaddressfortheagent
TheIPAddressofthenewagent:192.168.2.1/32
ThelastinformationyouwillbeaskedforistheIDyouwanttoassigntotheagent.
AnIDforthenewagent[001]:
Asthefinalstepincreatinganagent,
youhavetoconfirmaddingtheagent:Agentinformation:ID:002Name:agent1
IPAddress:192.168.2.1/32
Confirmaddingit?(y/n):y
Agentadded.Afterthatmanage_agentsappendstheagentinformationto/var/ossec/etc/client.keys
andgoesbacktothestartscreen
Step5:
Extractingthekeyforanagent
Afteraddinganagent,akeyiscreated.Thiskeymustbecopiedtotheagent.Toextractthekey,use
theeoptioninthemanage_agentsstartscreen.Youwillbegivenalistofallagentsontheserver.To
extractthekeyforanagent,simplytypeintheagentID.Itisimportanttonotethatyouhavetoenter
alldigitsoftheID
Chooseyouraction:A,E,L,RorQ:E
Availableagents:ID:001,Name:agent1,IP:192.168.2.1/32
ProvidetheIDoftheagenttoextractthekey(or'\q'toquit):001
Agentkeyinformationfor'001'
http://parthicloud.com/ossecagentinstallationinwindowsstepbystep/
2/3
4/26/2016
OSSECAgentInstallationinwindowsStepbyStep
is:MDAyIGFnZW50MSAxOTIuMTY4LjIuMC8yNCBlNmY3N2RiMTdmMTJjZGRmZjg5YzA4ZDk5m
**PressENTERtoreturntothemainmenu.
Thekeyisencodedinthestring(shortenedforthisexample)
MDAyIGFnZW50MSAxOTIuMTY4LjIuMC8yNCBlNmY3N2RiMTdmMTJjZGRmZjg5YzA4ZDk5Mmand
includesinformationabouttheagent.Thisstringcanbeaddedtotheagentthroughtheagent
versionofmanage_agents.
Step6:
DownloadtheOSSECagentforwindowsandkeptintheplacewhereweneedtoinstall
Step7
Step7
IntheOSSECServerIPcolumngivetheIPaddressoftheOSSECServer
IntheAuthenticationcolumngivethekeywhichwehaveextractedearlier.
Step8
ClickSaveandpressmanageandrestarttheOSSEC.
Sharethis:
http://parthicloud.com/ossecagentinstallationinwindowsstepbystep/
3/3