On Thu, Aug 23, 2012 at 11:12 AM, dkoleary <[email protected]> wrote:
> Has anyone modified the defaults in any significant way and have any
> feedback on the quantity/quality of the resulting alerts?

Yes. We monitor 20-30 Linux and Unix (BSD) servers and none are using the default directory configuration. My reasoning was the same as yours - outside of specific, identifiable cases, those filesystems should be static.

Assuming you do your homework ahead of time regarding what actually DOES change on your filesystems (have a /usr/local/tmp or a /var/tmp, for example? some application in /usr/local that writes changes to its directory?), the alert count should not be any higher than using the defaults (if anything it may be lower - configuring for your environment is key).

kmw
