I put this line to ossec.conf but it doesn't help. Ossec is scanning
content of /var/lib/backuppc/ right now. This is line from strace:
lstat("/var/lib/backuppc/pc/www.server.com/215/f%2f/fvar/fwww/fclients/fclient/fweb/fweb/fwp-admin/fimages/image.gif",
{st_mode=S_IFREG|0640, st_size=243, ...}) = 0
Dne středa, 2. října 2013 14:22:45 UTC+2 Franz Nemeth napsal(a):
>
> Did you try: <ignore type="sregex">/var/lib/backuppc/\.*</ignore> ?
>
> This seems to solve the issue for me!
>
> Regards
> Franz Nemeth
>
> Am Mittwoch, 2. Oktober 2013 12:51:42 UTC+2 schrieb Jan Kopecký:
>>
>> > What version of OSSEC?
>>
>> 2.7 (upgraded from previous versions)
>>
>> > Are there any symlinks pointing to /var from the other places?
>>
>> no
>>
>> > Is this an agent, local,or server install?
>>
>> it is server install
>>
>> > Possible agent.conf issue?
>>
>> what should I search for?
>>
>> Dne čtvrtek, 26. září 2013 15:52:24 UTC+2 dan (ddpbsd) napsal(a):
>>>
>>> On Wed, Nov 7, 2012 at 6:01 PM, SupuS <[email protected]> wrote:
>>> > Hello,
>>> >
>>> > I would like to exlude direcotory /var/lib/backuppc from
>>> ossec-syscheckd
>>> > completly. Ossec server is installed on the same host and every day it
>>> scan
>>> > this directory. It takes many hours and lot of CPU and I really don't
>>> want
>>> > scan this directory. Is there a way how to do it?
>>> >
>>> > In /var/ossec/etc/ossec.conf I have:
>>> >
>>> >> <!-- Directories to check (perform all possible verifications) -->
>>> >> <directories
>>> check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
>>> >> <directories check_all="yes">/bin,/sbin</directories>
>>> >
>>> >
>>> > so /var directory should not be scanned at all .. right? But it is
>>> scanned
>>> > every time when ossec-syscheckd runs.
>>> >
>>> > Thanks for any suggestion
>>>
>>
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
