Inside the <syscheck> section I have the following: <directories check_all="yes" restrict=".txt">/usr/local/tmp</ directories>
However, OSSEC does not report any /usr/local/tmp/*.txt in the file: ossec/queue/syscheck/<hostname IP address> ->syscheck. OSSEC v2.6 is being used on the server/client side. Other extensions (such as gz) and paths have been tried but with no luck. Has anyone been able to run a similar setup?
