I need to ignore all added files in a directory under under a folder named .svn. I added the rule below to local_rules.xml and restarted the ossec server, but not the agents. It still seems to be emailing alerts. Did I get the syntax incorrect for the <match> tag?.
<! Ignore subversion files --> <rule id="100554" level="0"> <category>ossec</category> <if_sid>554</if_sid> <match>*.svn*</match> <description>File added to the system.</description> <group>syscheck,</group> </rule> Thanks for your help
