Hi all, I'm trying to figure out how to get wildcards to work under the <ignore> directive in the ossec.conf - I read a post where <ignore type="sregex"> is the directive to use but I'm not sure what the regex would be for the format I'm trying to ignore.
Basically, the log files have the date appended to the end and are rotated every day, so for instance, todays logs would look something like httpd.log.0910260624 and tomorrows would look like httpd.log. 0910270624 We are monitoring the directory this file resides in but I want to exclude this specific file. How would I go about this? Thanks! Jeremy
