Try this diff.
On Thu, Dec 29, 2011 at 10:04 PM, helpmailinglist
<[email protected]> wrote:
> Inside the <syscheck> section I have the following:
> <directories check_all="yes" restrict=".txt">/usr/local/tmp</
> directories>
>
> However, ossec does not report any /usr/local/tmp/*.txt in the file:
> ossec/queue/syscheck/<hostname IP address> ->syscheck.
>
> ossec v2.6 is being used on the server/client side. Other extensions
> (such as gz) and paths have been tried but with no luck.
>
> Has anyone been able to to run a similar setup?
--- syscheckd/create_db.c.orig Thu Dec 29 22:20:18 2011
+++ syscheckd/create_db.c Thu Dec 29 22:20:57 2011
@@ -122,9 +122,9 @@
/* No S_ISLNK on windows */
#ifdef WIN32
- else if(S_ISREG(statbuf.st_mode))
+ if(S_ISREG(statbuf.st_mode))
#else
- else if(S_ISREG(statbuf.st_mode) || S_ISLNK(statbuf.st_mode))
+ if(S_ISREG(statbuf.st_mode) || S_ISLNK(statbuf.st_mode))
#endif
{
os_md5 mf_sum;
