I have an Amanda backup server onto which I've installed the OSSEC agent. I get regular alerts for files in /etc/amanda that have been deleted because of backup rotations and purging. I've tried creating a rule on the OSSEC server with a <match>/etc/amanda/</match> statement but still get the alerts.
Can someone point where I'm wrong on this? Thanks, CTD
