I wanted to ignore /etc/lvm/backup directroy and i have added it in
agent.conf file and restart all agents but still i have getting
notification :( am i doing wrong ?
root@vmg035:~# cat /var/ossec/etc/shared/agent.conf
<agent_config>
<syscheck>
<!-- Frequency that syscheck is executed - default to every 2 hours -->
<frequency>7200</frequency>
<!-- Directories to check (perform all possible verifications) -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin</directories>
<!-- No scan at start service time -->
<scan_on_start>no</scan_on_start>
<!-- Disable frequently changes files -->
<auto_ignore>no</auto_ignore>
<!-- Files/directories to ignore -->
<ignore>/etc/mtab</ignore>
<ignore>/etc/mnttab</ignore>
<ignore>/etc/hosts.deny</ignore>
<ignore>/etc/mail/statistics</ignore>
<ignore>/etc/random-seed</ignore>
<ignore>/etc/adjtime</ignore>
<ignore>/etc/httpd/logs</ignore>
<ignore>/etc/utmpx</ignore>
<ignore>/etc/wtmpx</ignore>
<ignore>/etc/cups/certs</ignore>
<ignore>/etc/dumpdates</ignore>
<ignore>/etc/svc/volatile</ignore>
<ignore>/etc/motd</ignore>
<ignore>/etc/printcap</ignore>
<ignore>/etc/prelink.cache</ignore>
<ignore>/etc/lvm/backup</ignore>
</syscheck>
.....
.....
..So..on..
