I have a Windows and Linux environment using OSSEC.
I have Puppet within the Linux environment (https://forge.puppetlabs.com/jgazeley/ossec).
When this puppet module imports the agent, it assigns a value for id. I believe that because this value is:
ID: 007f0101, Name: xxxxxxxxxxxx.xxxxxxxxx.com, IP: xxx.xxx.xxx.xxx, Active
Splunk does not populate this client when parsing the output of agent_control -l.
I was wondering if someone knew where in the Python script this value is set so I can play around to see if I can get it to work.
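One way to test the theory in the post above, as an added example that is not part of the original post and is not the Splunk app's script: parse lines in the format quoted in the post with a digits-only ID pattern and with an alphanumeric one, then list the agents the strict pattern skips. The digits-only pattern is an assumption about how a parser could reject an ID like 007f0101; the sample output, hostnames and addresses are constructed.

```python
import re

# Constructed sample of `agent_control -l` output (hostnames and IPs are made up;
# the 007f0101 line follows the format quoted in the post).
SAMPLE = """\
OSSEC HIDS agent_control. List of available agents:
   ID: 000, Name: ossec-server (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: win01.example.com, IP: 192.0.2.10, Active
   ID: 007f0101, Name: web01.example.com, IP: 192.0.2.20, Active
   ID: 002, Name: db01.example.com, IP: any, Disconnected
"""

REST = r",\s*Name:\s*(?P<name>.+?),\s*IP:\s*(?P<ip>[^,]+),\s*(?P<status>\S.*?)\s*$"
# Hypothetical strict parser: assumes agent IDs are decimal digits only.
DIGITS_ONLY = re.compile(r"^\s*ID:\s*(?P<id>\d+)" + REST)
# Tolerant parser: accepts any alphanumeric ID, such as 007f0101.
TOLERANT = re.compile(r"^\s*ID:\s*(?P<id>[0-9A-Za-z]+)" + REST)


def parse_agents(text, pattern):
    """Return one dict per agent line that the given pattern matches."""
    agents = []
    for line in text.splitlines():
        m = pattern.match(line)
        if m:
            agents.append(m.groupdict())
    return agents


def dropped_ids(text):
    """IDs the tolerant pattern sees but the digits-only pattern skips."""
    strict = {a["id"] for a in parse_agents(text, DIGITS_ONLY)}
    return [a["id"] for a in parse_agents(text, TOLERANT) if a["id"] not in strict]


if __name__ == "__main__":
    for agent in parse_agents(SAMPLE, TOLERANT):
        print(agent)
    print("skipped by digits-only pattern:", dropped_ids(SAMPLE))
```

Feeding it the real `agent_control -l` output from the OSSEC server shows which agents a strict ID pattern would silently leave out of the monitored inventory.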