Tuesday, October 19, 2010

Monitoring your OSSEC installation with Bigfix

Here's a small bonus blog for today. If you are running Bigfix, it's very easy to use it to monitor the state of your OSSEC deployment using the Analysis feature.

See my example below:

Here are the properties and the relevance to query them:

Version:
first 17 of line 1 of file "version.txt" of folder "c:\Program Files\ossec-agent" as string

Modtime of agent.conf:
modification time of file "agent.conf" of folder "C:\Program Files\ossec-agent\shared"

Modtime of ar.conf:
modification time of file "ar.conf" of folder "C:\Program Files\ossec-agent\shared"

Service Running:
state of service "OssecSvc"

Relevance for the Analysis itself (i.e. which computers it runs against):
exists folder "C:\Program Files\ossec-agent"

The result is a nice, quick overview of my entire OSSEC installation at a glance, updated as frequently as you like (the interval is definable in each property in the Bigfix Analysis).
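
One way to turn those results into a short list of agents that need attention, as an added example that is not part of the original post: it reads the Analysis results from a CSV export and flags agents whose service is not running, whose version differs from the fleet majority, or whose shared config files are missing or lag the newest copy. The column names, the one-day lag threshold and the sample rows are assumptions made for this sketch.

```python
import csv
import io
from collections import Counter
from datetime import timedelta
from email.utils import parsedate_to_datetime

MODTIME_COLS = ("agent_conf_modtime", "ar_conf_modtime")  # assumed column names

# Constructed sample export, one row per computer; all values are made up.
SAMPLE_CSV = '''computer,version,agent_conf_modtime,ar_conf_modtime,service_state
WS-001,OSSEC HIDS v2.5.1,"Mon, 18 Oct 2010 09:02:11 -0400","Mon, 18 Oct 2010 09:02:11 -0400",Running
WS-002,OSSEC HIDS v2.5.1,"Mon, 18 Oct 2010 09:03:40 -0400","Mon, 18 Oct 2010 09:03:40 -0400",Stopped
WS-003,OSSEC HIDS v2.4.1,"Mon, 18 Oct 2010 09:05:02 -0400","Mon, 18 Oct 2010 09:05:02 -0400",Running
WS-004,OSSEC HIDS v2.5.1,"Wed, 01 Sep 2010 14:20:00 -0400",,Running
'''

def triage(csv_text, max_lag=timedelta(days=1)):
    """Return {computer: [findings]} for agents that deviate from the fleet."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    if not rows:
        return {}
    # Baselines: the most common version string, and the newest modtime seen
    # for each shared file (a blank cell means the property returned nothing).
    expected = Counter(r["version"] for r in rows).most_common(1)[0][0]
    for r in rows:
        for col in MODTIME_COLS:
            r[col] = parsedate_to_datetime(r[col]) if r[col] else None
    newest = {c: max((r[c] for r in rows if r[c]), default=None) for c in MODTIME_COLS}

    findings = {}
    for r in rows:
        issues = []
        if r["service_state"] != "Running":
            issues.append("service " + (r["service_state"] or "unknown"))
        if r["version"] != expected:
            issues.append("version " + r["version"] + " != " + expected)
        for col in MODTIME_COLS:
            if r[col] is None:
                issues.append(col + " missing")
            elif newest[col] - r[col] > max_lag:
                issues.append(col + " stale")
        if issues:
            findings[r["computer"]] = issues
    return findings

if __name__ == "__main__":
    for host, issues in triage(SAMPLE_CSV).items():
        print(host, "; ".join(issues))
```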

