{"id":184,"date":"2008-04-25T22:13:46","date_gmt":"2008-04-25T22:13:46","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=184"},"modified":"2020-07-02T22:14:21","modified_gmt":"2020-07-02T22:14:21","slug":"v1-5-preview-agent_control","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2008\/04\/v1-5-preview-agent_control\/","title":{"rendered":"v1.5 preview \u2013 agent_control"},"content":{"rendered":"\n<p>Version 1.5 will come with a new utility binary, called&nbsp;<em>agent_control<\/em>&nbsp;(by default located at&nbsp;<strong>\/var\/ossec\/bin\/agent_control<\/strong>).<\/p>\n\n\n\n<p>Basically, it allows you to query and get information from any agent you have configured on your server and it also allows you to restart (run now) the syscheck\/rootcheck scan on any agent.<\/p>\n\n\n\n<p>How does it work? The first interesting command is&nbsp;<em>\u201c-lc\u201d<\/em>, which lists the connected (active) agents. To list all of them, use&nbsp;<em>\u201c-l\u201d<\/em>&nbsp;only.<\/p>\n\n\n\n<p><strong>Example 1: Listing all active agents:<\/strong><\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>#&nbsp;<strong>\/var\/ossec\/bin\/agent_control -lc<\/strong><br>OSSEC HIDS agent_control. List of available agents:<br>ID: 000, Name: enigma.ossec.net (server), IP: 127.0.0.1, Active\/Local<br>ID: 002, Name: winhome, IP: 192.168.2.190, Active<br>ID: 005, Name: jul, IP: 192.168.2.0\/24, Active<br>ID: 165, Name: esqueleto2, IP: 192.168.2.99, Active<br>ID: 174, Name: lili3win, IP: 192.168.2.0\/24, Active<\/p><\/blockquote>\n\n\n\n<p>To query an agent, just use the \u201c-i\u201d option followed by the agent ID.<\/p>\n\n\n\n<p><strong>Example 2: Querying information from agent 002:<\/strong><\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>#&nbsp;<strong>\/var\/ossec\/bin\/agent_control -i 002<\/strong><\/p><p>OSSEC HIDS agent_control. 
Agent information:<br>Agent ID: 002<br>Agent Name: winhome<br>IP address: 192.168.2.190<br>Status: Active<\/p><p>Operating system: Microsoft Windows XP Professional (Build 2600)<br>Client version: OSSEC HIDS v1.5-SNP-080412<br>Last keep alive: Fri Apr 25 14:33:03 2008<\/p><p>Syscheck last started at: Fri Apr 25 05:07:13 2008<br>Rootcheck last started at: Fri Apr 25 09:04:12 2008<\/p><\/blockquote>\n\n\n\n<p>To execute the syscheck\/rootcheck scan immediately, use the \u201c-r\u201d option followed by \u201c-u\u201d and the agent ID.<\/p>\n\n\n\n<p><strong>Example 3: Executing syscheck and rootcheck scan immediately:<\/strong><\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>#&nbsp;<strong>\/var\/ossec\/bin\/agent_control -r -u 000<\/strong><\/p><p>OSSEC HIDS agent_control: Restarting Syscheck\/Rootcheck locally.<\/p><\/blockquote>\n\n\n\n<p>For more information, just run it with the \u201c-h\u201d option:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>#&nbsp;<strong>\/var\/ossec\/bin\/agent_control -h<\/strong><\/p><p>OSSEC HIDS agent_control: Control remote agents.<br>Available options:<br>-h This help message.<br>-l List available (active or not) agents.<br>-lc List active agents.<br>-i&nbsp;Extracts information from an agent.<br>-r -a Runs the integrity\/rootkit checking on all agents now.<br>-r -u&nbsp;Runs the integrity\/rootkit checking on one agent now.<\/p><p>-s Changed the output to CSV (comma delimited).<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Version 1.5 will come with a new utility binary, called&nbsp;agent_control&nbsp;(by default located at&nbsp;\/var\/ossec\/bin\/agent_control&nbsp;). Basically, it allows you to query and get information from any agent you have configured on your server and it also allows you to restart (run now) the syscheck\/rootcheck scan on any agent. How does it work? 
The first interesting command is&nbsp;\u201c-lc\u201d, to [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/184"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=184"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/184\/revisions"}],"predecessor-version":[{"id":185,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/184\/revisions\/185"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}