Hello people! I want to make a rule to ignore some directories for the syscheck. I need regex because I have a lot of directories...

I made this:

    <group name="local,syslog,">
      <!-- Note that rule id 5711 is defined at the ssh_rules file -
         - as a ssh failed login. This is just an example -
         - since ip 1.1.1.1 shouldn't be used anywhere.
         - Level 0 means ignore.
        -->
      <rule id="100001" level="0">
        <if_group>syscheck</if_group>
        <hostname>***|***</hostname>
        <regex>*/.svn*|/etc/logrotate*|/etc/tinydns-dns*/log/*</regex>
        <description>Directories to exclude</description>
      </rule>
    </group>

But I always have alerts for the logfile of tinydns... Thanks a lot!

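Added illustration, not part of the original post: a small Python helper that translates the subset of OSSEC's rule regex syntax used above (`\w`, `\d`, `\s`, `\p`, `.`, `*`, `+`, `^`, `$`, `|`, backslash escapes) into Python `re` semantics, so the two `tinydns` patterns can be checked against a constructed syscheck path. It assumes the OSSEC documentation's meaning of `*` (zero or more of the previous character, not a shell glob) and of unanchored `<regex>` as a substring search; a bare leading `*` such as in `*/.svn*` is rejected rather than modelled.

```python
import re

# OSSEC os_regex tokens -> Python re equivalents (assumption: follows the OSSEC
# documentation; only the subset needed for path patterns is covered).
OSSEC_TOKENS = {
    r"\w": r"[A-Za-z0-9@_\-]",
    r"\d": r"[0-9]",
    r"\s": r" ",
    r"\t": r"\t",
    r"\p": r"[()*+,\-.:;<=>?\[\]]",
    r"\W": r"[^A-Za-z0-9@_\-]",
    r"\D": r"[^0-9]",
    r"\S": r"[^ ]",
    ".": r".",   # any single character (including '/')
    "*": r"*",   # zero or more of the PREVIOUS character, not a glob
    "+": r"+",   # one or more of the previous character
    "^": r"^",
    "$": r"$",
    "|": r"|",
}


def ossec_to_python(pattern: str) -> str:
    """Translate an OSSEC <regex> pattern into a Python regular expression."""
    out = []
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            tok = pattern[i:i + 2]
            # \w, \d, ... are classes; any other escaped char (\. \| \/) is literal
            out.append(OSSEC_TOKENS.get(tok, re.escape(pattern[i + 1])))
            i += 2
            continue
        if c in "*+" and (not out or out[-1] in ("^", "|")):
            raise ValueError(f"modifier {c!r} has nothing to repeat at offset {i}")
        out.append(OSSEC_TOKENS.get(c, re.escape(c)))
        i += 1
    return "".join(out)


def ossec_match(pattern: str, text: str) -> bool:
    """OSSEC <regex> is a substring search unless anchored with ^ or $."""
    return re.search(ossec_to_python(pattern), text) is not None


# Constructed sample path, as it would appear inside a syscheck alert.
SAMPLE_PATH = "/etc/tinydns-dns-ext/log/main/current"
```

`dns*` only matches `dn` followed by any number of `s`, so the posted alternative never covers `/etc/tinydns-dns-ext/log/...`; `/etc/tinydns-dns.*/log/` does.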