Hey Doug, why don't you increase the time of syscheck?
What I mean to say is, set it at a time gap of around 21600 seconds. I hope this will reduce CPU utilization.

On 22 April 2011 05:06, Christopher Laibinis <[email protected]> wrote:

> How can I ignore a file or directory in the rootcheck portion of OSSEC?
>
> For instance I am receiving the following:
>
> OSSEC HIDS Notification.
> 2011 Apr 22 02:48:35
>
> Received From: (nyctpdprd1) 10.186.196.132->rootcheck
> Rule: 510 fired (level 7) -> "Host-based anomaly detection event
> (rootcheck)."
> Portion of the log(s):
>
> File '/dev/oracleasm/.query_disk' present on /dev. Possible hidden
> file.
>
> I would like to ignore this file and have added the
>
> <ignore>/dev/oracleasm</ignore>
>
> directive in the ossec.conf file under the <rootcheck> portion, but it
> does not work.
