On Mon, Mar 18, 2013 at 8:21 PM, Smith, Cathy <[email protected]> wrote:

>
>  Hi
>
> I have a question about dealing with expected files in the /var/log
> directory.   Is there a way to exclude files such as those in /var/log/sa
> that are normally added/dropped daily?   I’m running Red Hat’s RHEL6.2
> distribution of aide, aide-0.14.3.  I’ve tried just to have aide ignore
> them, but the files are still listed under the daily added and dropped
> sections of the log:
>         /var/log/sa NORMAL
>         !/var/log/sa/sa[0-9][0-9]$
>         !/var/log/sa/sar[0-9][0-9]$
>

From the Aide manual: "It is generally a good idea to write the most
general rules last."

Try rearranging the rules like so:
        !/var/log/sa/sa[0-9][0-9]$
        !/var/log/sa/sar[0-9][0-9]$
        /var/log/sa NORMAL

Be specific first and broad later.

Regards,

Keith Constable
_______________________________________________
Aide mailing list
[email protected]
https://mailman.cs.tut.fi/mailman/listinfo/aide
