Hi, I want to control any modification of logs files. For this I have introduce introduce in syscheck section of onssec.conf
<directories check_all="yes">/var/ossec/logs/archives/*/*</ directories> This work fine, but I want to avoid alerts about current day logs files. I have try <ignore>/var/ossec/logs/archives/%Y/%b/ossec-archive-%d.log</ignore> but don't work Thanks, Jorge
