From OSSEC Wiki

Jump to: navigation, search
[edit]

How can I add many agents at once to ossec?

[edit]

Why?

Adding agents by hand is such a pain when using the manage_agents script. you should be able to automate it.

[edit]

Answer.

Luckily for you a nifty script called ossec-batch-manager.pl was included in the ossec tarball and can be found in the contrib folder. This script can easily be used to add client keys to the /var/ossec/etc/client.keys file on the server side. 

 Usage: ./ossec-batch-manager.pl [OPERATION] [OPTIONS]
 [operations]
   -a or --add               = Add a new agent
   -r or --remove  [id]      = Remove agent
   -e or --extract [id]      = Extract key
   -m or --import  [keydata] = Import key
   -l or --list              = List available agents
 [options]
   -k or --key     [keydata] = Key data
   -n or --name    [name]    = Agent name (32 character max)
   -i or --id      [id]      = Agent identification (integer)
   -p or --ip      [ip]      = IP address


For example: 

 [root@gravel contrib]# ./ossec-batch-manager.pl -a --ip 192.168.0.2 -n foo2 -a --ip 192.168.0.3 -n foo3

would add the Hosts foo2(192.168.0.2) and foo3(192.168.0.3) respectively.

Retrieved from "http://ossec.net/wiki/index.php/Know_How:BulkAgentAdd"
Views
Personal tools