Step 1: Open a text editor on your system.
On Windows notepad is a good text editor, on a Linux based system we recommend either vi or gedit. You will add your cronjob script to this file.
For example, if you wanted the server to run a cronjob that generated the output of the agents that are connected and the agents that are not connected, you would create a cronjob script that looks like this:
#!/bin/bash
#This line is required for the script to run on UNIX based system
#The first command you want to run, and the destination for its output
#change the path to a directory you can access.
/var/ossec/bin/list_agents -c > /home/someuser/current_list_of_connected_agents.txt
#The second command you want to run, and the destination for its output
#change the path to a directory you can access.
/var/ossec/bin/list_agents -n > /home/someuser/current_list_of_not_connected_agents.txt
#and so on
This script will generate two files:
/home/someuser/current_list_of_connected_agents.txt
/home/someuser/current_list_of_not_connected_agents.txt
Which will contain the output of the currently connected agents, and the agents that are not connected. Make sure that you modify your script to use a path that exists on the system. By default there is no /home/someuser directory and this script will fail.
Step 2: Save your file with a name that ends in .sh
For example, name this file "agents_report.sh"
Step 3: Copy the file to your OSSEC server.
Note: If you created this file on a Windows system, many windows text editors will add Control Ms to the end of each line. To remove these, run this command on the OSSEC system against the file you just uploaded:
dos2unix agents_report.sh
Step 4: Open a Terminal Window (Command Line) on the OSSEC server and become the root user with this command:
su -
Step 5: Copy the "agents_report.sh" file into the crontab directory that is appropriate for your needs
There are four directories that correspond to the interval at which this script will be run automatically, they are:
/etc/cron.hourly
/etc/cron.daily
/etc/cron.weekly
/etc/cron.monthly
As the root user, copy the "agents_report.sh" file into one of these directories.
Step 6: Set the correct permissions on the file to ensure it can run. For example:
cd /etc/cron.hourly
chown root.root agents_report.sh
chmod u+x agents_report.sh
The script will now run automatically based on the interval you have selected. IF you need the cronjob to run more frequently, or at a specific date and/or time, this will require you to use the system crontab tool which is explained in the section below:
Advanced Cronjobs
Step 1: Move your cronjob script to /usr/local/bin and set the correct permissions for it to run. For example:
mv /etc/cron.hourly/agents_report.sh /usr/local/bin
chown root.root /usr/local/bin/agents_report.sh
chmod u+x /usr/local/bin/agents_report.sh
Step 2: Launch the crontab tool
crontab –e
By default, this will open the root users cronjobs list (if any) via the vi editor. Create the cron command using the following syntax:
1. The number of minutes after the hour (0 to 59)
2. The hour in military time (24 hour) format (0 to 23)
3. The day of the month (1 to 31)
4. The month (1 to 12)
5. The day of the week(0 or 7 is Sun, or use name)
6. The command to run
More graphically they would look like this:
* * * * * Command to be executed
- - - - -
| | | | |
| | | | +----- Day of week (0-7)
| | | +------- Month (1 - 12)
| | +--------- Day of month (1 - 31)
| +----------- Hour (0 - 23)
+------------- Min (0 - 59)
An example command would be
0 0 * * * /usr/local/bin/agents_reports.sh
This would mean that the shell script will exactly execute at midnight every night.
To save changes to the crontab entry you just made, hit the ESC key, then type :wq! to save and exit.