On 07/16/2010 05:22 AM, Bob Sauvage wrote:
> Ok, thanks for these tips ;) !
>
> I changed it like this :
>
> <rule id="100001" level="0">
>   <if_group>syscheck,</if_group>
>   <hostname>**|**</hostname>
>   <regex>'\\S+/.svn</regex>
>   <description>Directories to exclude</description>
> </rule>
>
> What do you think of this ?

I'm still a bit new to OSSEC, so sorry if there's an obvious answer to this, but.. Why use a rule to exclude directories and not use the syscheck <ignore> tags? If I understand correctly, using a rule means that the directories are still checked, using memory/cpu, while using an <ignore> tag would prevent syscheck from checking them to begin with. Am I missing something obvious?

-- 
---------------------------
Jason 'XenoPhage' Frisvold
[email protected]
---------------------------
"Any sufficiently advanced magic is indistinguishable from
technology."
- Niven's Inverse of Clarke's Third Law
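
The two approaches compared in this message, side by side, as an added example that is not part of the original post or of OSSEC's shipped configuration. The monitored directories, the frequency, the `/.svn` pattern and the use of `<match>` in place of the quoted `<regex>` are assumptions for illustration.

```xml
<!-- Approach A: syscheck <ignore>, in ossec.conf on the host being scanned.
     Added example; directories, frequency and pattern are assumed values. -->
<ossec_config>
  <syscheck>
    <frequency>79200</frequency>
    <directories check_all="yes">/etc,/usr/bin,/var/www</directories>

    <!-- type="sregex" is OSSEC's simple pattern type: only ^, $ and |
         are special, so the dot is a literal dot. Any path containing
         "/.svn" is skipped by the scan itself: not hashed, not stored
         in the syscheck database, no event sent. -->
    <ignore type="sregex">/.svn</ignore>
  </syscheck>
</ossec_config>

<!-- Approach B: a level 0 rule, in local_rules.xml on the manager.
     Same intent as the rule quoted above, with <match> (also sregex)
     used here as a simplification. The files are still scanned and
     their events still sent; the rule only stops an alert from
     being raised when the event text contains "/.svn". -->
<group name="local,syscheck,">
  <rule id="100001" level="0">
    <if_group>syscheck,</if_group>
    <match>/.svn</match>
    <description>Directories to exclude</description>
  </rule>
</group>
```

The `<ignore>` entry is read by syscheck on the host being scanned, while the rule is evaluated on the manager after the event has already been sent. A bare `/.svn` pattern also matches names that merely start with `.svn`, so anchor it more tightly if that matters.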
