DefaultInintInfo Create a default Info.

GetAgentKey read from Environment and if not found there, try default file.

LoadAgentKeyMap read all agent infos from a file (/var/ossec/etc/client.keys).

LoadClientConfig Load the client configuration from a fole.

NewAgent create a new Agent for the target server.

NewClientConfig new client config with default values set.

NewEnrollmentConfig initialize new enrolment config.

NewInitInfo read InitInfo from default location.

NewQueue create new wodle.

ParseAgentKey parse a single key entry line.

Use PKCS7 to fill, IOS is also 7.

ReadInitInfo read InitInfo from file.

RegisterAgent register an agent via the AuthD Service.

WithAgentAllowedIPs which IPs are allwed.

WithAgentIP use specific Agent IP in messages.

WithBasePath use specific where to cache downloaded files.

WithClientName use a custom client name.

WithClientVersion use a custom client version.

WithConfigHash specify a local config hash.

WithContext use a custom context.

WithEncryptionMethod specify encryption method to use.

WithInitInfo use a custom context.

WithPort use specific port.

WithQueueLogger use a custom logger.

WithQueuePath use a custom queue path.

WithTargetQueue use a custom target queue.

WithTCP use TCP as Transport.

WithUDP use UDP as Transport.

WithZapLogger use a custom logger.

Windows log */.

EncryptionMethodAES use AES for transprot encryption.

EncryptionMethodBlowFish use BlowFish for transprot encryption.

Firewall event */.

Host information log (from nmap or similar) */.

IDS alert */.

time between server pings.

OSSEC rule */.

maximum number of messages that can be send ber second (500 is the hard limit on the server - be gentle ).

Squid log */.

each 60th ping -> 1/h.

syslog message */.

Types of events (from decoders) */.

Apache log */.

LocalInitInfo contains the init info of the locally installed OSSEC.

AgentKey a single key entry.

Client allowes to handshake with the server to reach a pending state (which allowes the agent to become a group member).

ClientConfig see: https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/client.html.

EnrollmentConfig enrolment configuration.

Event static structured event data user, srcip, dstip, srcport, dstport, protocol, action, id, url, data, extra_data, status, system_name https://documentation.wazuh.com/4.0/user-manual/ruleset/dynamic-fields.html https://github.com/wazuh/wazuh/blob/master/src/analysisd/decoders/plugins/json_decoder.c.

InitInfo information gathered from ossec-init.conf.

IntegrationEvent basic integration message.

IntegrationMeta standard metadata.

LocalConfig see https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/index.html.

R"([{"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":"411","source":"xorg","version":"1:7.7+19ubuntu14","os_patch":""},{"hotfix":"KB4586786"}])")));.

Queue helper to create a custom wodle.

QueuePosting a massage for the queue.

AgentKeyMap map of agents in agents key file.

AgentOption allows setting custom parameters during construction.

ConvertibleBoolean xml bool values (0,no,false / 1,yes,true).

EncryptionMethod supported transport encryption.

QueueOption allows setting custom parameters during construction.