Re: [ossec-list] Re: Ossec syscheck - How to ignore file extension ?

2016-02-15 Thread dan (ddp)
On Feb 15, 2016 8:31 PM, "Leo G" wrote:
>
> Thanks Jesus Linares,
>
> Yes, I noticed the typo, was using
>
> I can't use '.jpg$' because I want to only exclude directory_one/directory_two/*.jpg
>
> Therefore I tried config like this:
>
> /home/leo/testing/\.+.jpg
>

[ossec-list] Re: Ossec syscheck - How to ignore file extension ?

2016-02-15 Thread Leo G
Thanks Jesus Linares,

Yes, I noticed the typo, was using

I can't use '.jpg$' because I want to only exclude directory_one/directory_two/*.jpg

Therefore I tried config like this:

/home/leo/testing/\.+.jpg
/home/leo/testing/\S+.jpg

Unfortunately no luck with regular expression matching for me

[ossec-list] Re: Get actual Agent IP

2016-02-15 Thread Jesus Linares
Hi, as far as I know you can't get the agent IP if it is connected using *any*. It is supposed you should use *any* only if your agent IP changes frequently (DHCP). Anyway, keep in mind that even getting the IP, the DHCP will re-assign that IP so the analysis is difficult. Victor modified

[ossec-list] Re: IISv7.5 decoder attempt

2016-02-15 Thread Jesus Linares
Hi Fredrik, user-created rules are defined in *local_rules.xml* and the range is from 10 to 11. If you want to change the behaviour of a rule you have to use the option *overwrite*. Using the *overwrite* option instructs the rule engine to use the local rule definition instead of the one