Thanks. I didn't see the sregex reference at the bottom; I obviously was looking at the regex-only part. :)
On Dec 21, 12:50 pm, "dan (ddp)" <[email protected]> wrote:
> On Wed, Dec 21, 2011 at 3:00 PM, BP9906 <[email protected]> wrote:
> > I only tried that after <ignore type="sregex">/var/www/log/httpd_access.log.\d+</ignore> failed to do the job.
> >
> > Suggestions?
>
> http://www.ossec.net/doc/syntax/regex.html#os-match-sregex-syntax
>
> > On Dec 21, 11:23 am, "dan (ddp)" <[email protected]> wrote:
> >> On Wed, Dec 21, 2011 at 1:47 PM, BP9906 <[email protected]> wrote:
> >> > How do I ensure that I ignore these log files?
> >> >
> >> > I have apache log files that are ending with a date/time in the
> >> > filename. The below isn't working for some reason.
> >> >
> >> > <ignore type="sregex">/var/www/log/httpd_access.log.*</ignore>
> >>
> >> That's not proper sregex.
> >>
> >> > I also tried /var/www/log/httpd_access.log.\d+ but that didn't work
> >> > either.
> >> >
> >> > It's in agents.conf file.
> >> >
> >> > <agent_config name="server">
> >> > <syscheck>
> >> > <scan_on_start>no</scan_on_start>
> >> > <frequency>21600</frequency>
> >> >
> >> > <directories check_all="yes">/var/www/log/</directories>
> >> > <ignore type="sregex">/var/www/log/httpd_access.log.*</ignore>
> >> >
> >> > </syscheck>
> >> > ...
> >> >
> >> > Any suggestions?
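
Added example, not part of the thread and not OSSEC's own code: a simplified Python model of the sregex rules at the documentation link above, assuming only `^`, `$` and `|` are special and every other character is literal (case handling is not modelled). It shows why the two patterns from the thread never match a rotated log name; the rotated file names and the anchored pattern are constructed for illustration.

```python
# Simplified model of OSSEC sregex (os_match) matching. Assumption: only
# ^ (start of text), $ (end of text) and | (OR) are special; ".", "*" and
# "\d" are plain characters. Case handling is not modelled.

def sregex_match(pattern: str, text: str) -> bool:
    """Return True if any |-separated alternative matches text."""
    for alt in pattern.split("|"):
        at_start = alt.startswith("^")
        at_end = alt.endswith("$")
        literal = alt[1:] if at_start else alt
        literal = literal[:-1] if at_end else literal
        if at_start and at_end:
            ok = text == literal
        elif at_start:
            ok = text.startswith(literal)
        elif at_end:
            ok = text.endswith(literal)
        else:
            ok = literal in text
        if ok:
            return True
    return False


def ignored_paths(pattern: str, paths: list[str]) -> list[str]:
    """Paths a syscheck <ignore type="sregex"> entry would cover in this model."""
    return [p for p in paths if sregex_match(pattern, p)]


# Constructed sample file names (not taken from the thread).
SAMPLE_PATHS = [
    "/var/www/log/httpd_access.log.20111221",
    "/var/www/log/httpd_access.log.20111222",
    "/var/www/log/httpd_error.log",
]

# The first two patterns are the ones tried in the thread; the third is a
# hypothetical anchored literal prefix written for this example.
PATTERNS = [
    r"/var/www/log/httpd_access.log.*",
    r"/var/www/log/httpd_access.log.\d+",
    r"^/var/www/log/httpd_access.log.",
]

if __name__ == "__main__":
    for pat in PATTERNS:
        print(f"{pat!r:45} -> {ignored_paths(pat, SAMPLE_PATHS)}")
```

After changing an ignore entry, confirm on the agent that the rotated files no longer generate syscheck alerts, since this model only approximates the matcher.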
