On 04/12/2011 04:21 PM, satish patel wrote:
I wanted to ignore /etc/lvm/backup directroy and i have added it in
agent.conf file and restart all agents but still i have getting
notification :( am i doing wrong ?
root@vmg035:~# cat /var/ossec/etc/shared/agent.conf
<agent_config>
<syscheck>
<!-- Frequency that syscheck is executed - default to every 2 hours -->
<frequency>7200</frequency>
<!-- Directories to check (perform all possible verifications) -->
<directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
<directories check_all="yes">/bin,/sbin</directories>
<!-- No scan at start service time -->
<scan_on_start>no</scan_on_start>
<!-- Disable frequently changes files -->
<auto_ignore>no</auto_ignore>
<!-- Files/directories to ignore -->
<ignore>/etc/mtab</ignore>
<ignore>/etc/mnttab</ignore>
<ignore>/etc/hosts.deny</ignore>
<ignore>/etc/mail/statistics</ignore>
<ignore>/etc/random-seed</ignore>
<ignore>/etc/adjtime</ignore>
<ignore>/etc/httpd/logs</ignore>
<ignore>/etc/utmpx</ignore>
<ignore>/etc/wtmpx</ignore>
<ignore>/etc/cups/certs</ignore>
<ignore>/etc/dumpdates</ignore>
<ignore>/etc/svc/volatile</ignore>
<ignore>/etc/motd</ignore>
<ignore>/etc/printcap</ignore>
<ignore>/etc/prelink.cache</ignore>
<ignore>/etc/lvm/backup</ignore>
</syscheck>
.....
.....
..So..on..
Check if md5sum is the same on server and agent for the agent.conf file ...
Normally, you need to wait some minutes on the agent side until server
push new agent.conf file ...
Bye.
--
CL Martinez
carlopmart {at} gmail {d0t} com
