I believe you have to use ignore for the file/directory you want to exclude:

<ignore>/var/lib/backuppc</ignore>

On Wed, Nov 7, 2012 at 3:01 PM, SupuS <[email protected]> wrote:
> Hello,
>
> I would like to exclude directory /var/lib/backuppc from ossec-syscheckd
> completely. Ossec server is installed on the same host and every day it scans
> this directory. It takes many hours and a lot of CPU and I really don't want
> to scan this directory. Is there a way to do it?
>
> In /var/ossec/etc/ossec.conf I have:
>
> <!-- Directories to check (perform all possible verifications) -->
>> <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
>> <directories check_all="yes">/bin,/sbin</directories>
>>
>
> so /var directory should not be scanned at all .. right? But it is scanned
> every time when ossec-syscheckd runs.
>
> Thanks for any suggestion
>
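To check how a given path is treated by the syscheck settings discussed in this thread, here is an added example (not part of the original messages, and not OSSEC code) that reads the <directories> and <ignore> entries from a config and classifies a path. It assumes a well-formed, single-root ossec.conf and that a plain <ignore> entry acts as a path prefix; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two <directories> lines from the question plus the
# <ignore> entry suggested in the reply, placed inside <syscheck>.
SAMPLE_CONF = """
<ossec_config>
  <syscheck>
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin</directories>
    <ignore>/var/lib/backuppc</ignore>
  </syscheck>
</ossec_config>
"""

def syscheck_scope(conf_text):
    """Return (monitored_dirs, ignore_entries) from every <syscheck> block."""
    root = ET.fromstring(conf_text)
    monitored, ignored = [], []
    for sc in root.iter("syscheck"):
        for d in sc.findall("directories"):
            # One element may carry several comma-separated directories.
            monitored += [p.strip() for p in (d.text or "").split(",") if p.strip()]
        for ig in sc.findall("ignore"):
            # Entries with a type attribute are patterns, not paths; skipped here.
            if ig.get("type") is None and ig.text and ig.text.strip():
                ignored.append(ig.text.strip())
    return monitored, ignored

def under(path, base):
    """True if path is base itself or lies below it (whole path components)."""
    base = base.rstrip("/")
    return path == (base or "/") or path.startswith(base + "/")

def classify(path, conf_text):
    """Return 'ignored', 'monitored' or 'not listed' for an absolute path."""
    monitored, ignored = syscheck_scope(conf_text)
    # Assumption: a plain <ignore> entry is matched as a prefix of the path.
    if any(path.startswith(i) for i in ignored):
        return "ignored"
    if any(under(path, m) for m in monitored):
        return "monitored"
    return "not listed"

if __name__ == "__main__":
    for p in ("/etc/passwd", "/var/lib/backuppc/pc/host/0", "/var/log/syslog"):
        print(p, "->", classify(p, SAMPLE_CONF))
```
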
