Hi, There is some examples I found https://bitbucket.org/dcid/ossec-hids/src/4b86abf62d5b/src/syscheckd/create_db.c#cl-344 https://bitbucket.org/dcid/ossec-hids/src/4b86abf62d5b/src/win32/ossec.conf#cl-98
The notation might be drive letter:\, for others, will be / Hubert On Thu, Nov 17, 2011 at 6:20 AM, Mark C <[email protected]> wrote: > > Newbie question here - I'm trying to monitor specific folders on different > drives. Which is the correct syntax? Which slash(/ or \) is it supposed to > be? I would guess it matters... > > <!-- Default files to be monitored - system32 only. --> > <directories check_all="yes">C:\Documents and Settings/All Users/Start > Menu/Programs/Startup</directories> > > <directories check_all="yes">C:\Test/OSSEC</directories> > > <directories check_all="yes">D:/Program > Files/FAR_NET_RPP_DIRECT/root</directories> > > <directories check_all="yes">E:\Program > Files/FAR_NET_CONSUMERS_2005/root</directories> > > <ignore type="sregex">.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$</ignore> > > > > Thanks, > > -Mark
