I get these alerts:

Received From: satyr->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):

File '/dev/shm/pulse-shm-43637809' present on /dev. Possible hidden file.

How do I cause OSSEC not to send an alert for /dev/shm/pulse-shm-\d+ ?

Thanks for any replies.

Best regards,

---Kayvan
