The sregex syntax is VERY limited.
This explains the syntax: http://www.ossec.net/wiki/Know_How:Regex_Readme

On Tue, Aug 3, 2010 at 6:17 PM, Jefferson, Shawn
<shawn.jeffer...@bcferries.com> wrote:
> Hi,
>
> I’m monitoring a directory that contains application files and logs.  I’d
> like to ignore the logs.  The filenames are in the format: blahblah.log.1 or
> blahblah.log.22  (one or two digits indicating the day of the month.)
>
> I thought that this might do it, but doesn’t seem to be working:
>
> <ignore type="sregex">.log.\d+$</ignore>
>
> What am I doing wrong here?
>
> Thanks,
> Shawn
>
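
An added example (not part of the thread and not OSSEC's own code): a simplified Python model of sregex matching, showing why the pattern in the question ignores nothing and what two alternatives would ignore. It assumes that only `^`, `$` and `|` are special in sregex and that the pattern is tested against the full file path; the function names and sample paths are constructed for illustration.

```python
# Simplified model of OSSEC sregex matching (illustrative, not OSSEC source).
# Assumption: only ^, $ and | are special; ".", "\d" and "+" are literal text.

def sregex_match(pattern, text):
    """True if any |-separated alternative matches text."""
    for alt in pattern.split("|"):
        at_start = alt.startswith("^")
        at_end = alt.endswith("$")
        literal = alt[1:] if at_start else alt
        literal = literal[:-1] if at_end else literal
        if at_start and at_end:
            hit = text == literal
        elif at_start:
            hit = text.startswith(literal)
        elif at_end:
            hit = text.endswith(literal)
        else:
            hit = literal in text
        if hit:
            return True
    return False

def ignored(pattern, paths):
    """Paths a syscheck <ignore type="sregex"> with this pattern would skip."""
    return [p for p in paths if sregex_match(pattern, p)]

# Constructed sample paths (hypothetical directory and file names).
PATHS = [
    "/opt/app/blahblah.log.1",
    "/opt/app/blahblah.log.22",
    "/opt/app/blahblah.exe",
    "/opt/app/web.log.parser.dll",
]

ORIGINAL = r".log.\d+$"   # pattern from the question
BROAD = ".log."           # plain substring
# One end-anchored alternative per day of the month: .log.1$|.log.2$|...|.log.31$
BY_DAY = "|".join(".log.%d$" % day for day in range(1, 32))

if __name__ == "__main__":
    for name, pat in (("original", ORIGINAL), ("broad", BROAD), ("by day", BY_DAY)):
        print(name, "->", ignored(pat, PATHS))
```

The plain substring also drops `web.log.parser.dll` from integrity monitoring, so the end-anchored alternation keeps the ignore list limited to the rotated logs.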
