Hi srossan, thank you for replay and sorry for a bit late response ;)
I set following in /var/ossec/etc/ossec.conf <ignore>/var/lib/backuppc</ignore> but it doesn't work. ossec-syscheckd daemon still check this directory. I found next recommendation on http://www.ossec.net/doc/manual/syscheck/ so I add following: <ignore type="sregex">^/var/lib/backuppc</ignore> but it doesn't help too. To directory /var/lib/backuppc is mounted separated filesystem and now it contains a lot of files. It takes few days when ossec-syscheckd finish scanning and it has really negative influence to backup performance. Dne čtvrtek, 8. listopadu 2012 0:23:30 UTC+1 srossan napsal(a): > > I believe you have to use ignore as file/directory you want to exclude: > <ignore>/var/lib/backuppc</ignore> > > On Wed, Nov 7, 2012 at 3:01 PM, SupuS <[email protected] <javascript:>>wrote: > >> Hello, >> >> I would like to exlude direcotory /var/lib/backuppc from ossec-syscheckd >> completly. Ossec server is installed on the same host and every day it scan >> this directory. It takes many hours and lot of CPU and I really don't want >> scan this directory. Is there a way how to do it? >> >> In /var/ossec/etc/ossec.conf I have: >> >> <!-- Directories to check (perform all possible verifications) --> >>> <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories> >>> <directories check_all="yes">/bin,/sbin</directories> >>> >> >> so /var directory should not be scanned at all .. right? But it is >> scanned every time when ossec-syscheckd runs. >> >> Thanks for any suggestion >> > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
