On Wed, Nov 7, 2012 at 6:01 PM, SupuS <[email protected]> wrote:
> Hello,
>
> I would like to exclude the directory /var/lib/backuppc from ossec-syscheckd
> completely. The OSSEC server is installed on the same host and every day it
> scans this directory. It takes many hours and a lot of CPU and I really don't
> want to scan this directory. Is there a way to do it?
>
> In /var/ossec/etc/ossec.conf I have:
>
>> <!-- Directories to check (perform all possible verifications) -->
>> <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
>> <directories check_all="yes">/bin,/sbin</directories>
>
> so the /var directory should not be scanned at all .. right? But it is
> scanned every time ossec-syscheckd runs.
>
> Thanks for any suggestion

What version of OSSEC? Are there any symlinks pointing to /var from the other places? Is this an agent, local, or server install? Possible agent.conf issue?
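
The symlink question in the reply can be answered with a short script. This is an added example, not part of the thread: the function name `find_links_into` is hypothetical, and it assumes a `readlink` that supports `-f` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example (not from the thread): list symlinks under the directories
# named in <directories> whose fully resolved target lies inside a path
# that is not supposed to be monitored.

# find_links_into TARGET DIR...
# Prints one "link -> resolved" line per symlink below DIR... that resolves
# to TARGET or to anything beneath it. Prints nothing if there are none.
find_links_into() {
    # Canonicalise the target so the comparison is between real paths.
    target=$(readlink -f -- "$1") || return 2
    shift
    find "$@" -type l -exec sh -c '
        target=$1; shift
        for link in "$@"; do
            resolved=$(readlink -f -- "$link") || continue
            case "$resolved/" in
                "$target"/*) printf "%s -> %s\n" "$link" "$resolved" ;;
            esac
        done
    ' sh "$target" {} + 2>/dev/null
}

# Stand-alone use, with the paths from the ossec.conf quoted above:
#   sh check_links.sh /var/lib/backuppc /etc /usr/bin /usr/sbin /bin /sbin
if [ "$#" -ge 2 ]; then
    find_links_into "$@"
fi
```

The trailing slash in the comparison keeps a sibling such as `/var/lib/backuppc2` from matching, and `readlink -f` follows chained links, so a link to a link into the target is reported as well.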
