Hi John, You can't use regexes on v2.0, but I just added support for it on the latest snapshot:
http://www.ossec.net/files/snapshots/ossec-hids-090330.tar.gz It is the same code from 2.0 with a few bug fixes and this feature. Now you can do: <directories check_all="yes">/servers/*/etc, /servers/*/sbin, etc...</directories> Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On Mon, Mar 30, 2009 at 5:30 AM, John A. Sullivan III <[email protected]> wrote: > > Hello, all. I see one can use posix regex in the localfiles definitions > and sregex in ignore definitions. Can either be used in the > <directories> definitions? This would be enormously helpful in a VServer > environment such as ours. Since we've already seen syscheck spin out of > control on vserver, we thought we had better ask before experimenting! > Thanks - John > -- > John A. Sullivan III > Open Source Development Corporation > +1 207-985-7880 > [email protected] > > http://www.spiritualoutreach.com > Making Christianity intelligible to secular society > >
