On Wed, Dec 21, 2011 at 3:00 PM, BP9906 <[email protected]> wrote: > I only tried that after <ignore type="sregex">/var/www/log/ > httpd_access.log.\d+</ignore> failed to do the job. > > Suggestions? >
http://www.ossec.net/doc/syntax/regex.html#os-match-sregex-syntax > On Dec 21, 11:23 am, "dan (ddp)" <[email protected]> wrote: >> On Wed, Dec 21, 2011 at 1:47 PM, BP9906 <[email protected]> wrote: >> > How do I ensure that I ignore these log files? >> >> > I have apache log files that are ending with a date/time in the >> > filename. The below isnt working for some reason. >> >> > <ignore type="sregex">/var/www/log/httpd_access.log.*</ignore> >> >> That's not proper sregex. >> >> >> >> >> >> >> >> > I also tried /var/www/log/httpd_access.log.\d+ but that didntn work >> > either. >> >> > Its in agents.conf file. >> >> > <agent_config name="server"> >> > <syscheck> >> > <scan_on_start>no</scan_on_start> >> > <frequency>21600</frequency> >> >> > <directories check_all="yes">/var/www/log/</directories> >> > <ignore type="sregex">/var/www/log/httpd_access.log.*</ignore> >> >> > </syscheck> >> > ... >> >> > Any suggestions?
