On Tue, Feb 18, 2014 at 2:15 PM, Anuj AJ <[email protected]> wrote: > Oh .. sorry .. i wasnt clear ... the directories denoted by * get > dynamically added frequently (as you can see like releases). > > <ignore type="sregex">^/home/smartbiz/releases/DIR1/tmp</ignore> > <ignore type="sregex">^/home/smartbiz/releases/DIR2/tmp</ignore> > .. > .. > > So if there is any way that OSSEC can skip just the 'tmp' directories under > those directories ? >
Eh, probably. Maybe try chaining rules. First one does a match for "/home/smartbiz/releases" and the child looks for "/tmp$" or something. > > > > > On Tuesday, February 18, 2014 11:08:34 AM UTC-8, dan (ddpbsd) wrote: >> >> On Tue, Feb 18, 2014 at 2:06 PM, Anuj AJ <[email protected]> wrote: >> > Was thinking the same, since some other permutations of '*' wasnt >> > working >> > either. >> > >> > Is there any other way i can accomplish what i seek ?? >> > Would really appreciate the help. >> > >> >> <ignore type="sregex">^/home/smartbiz/ >> releases/DIR1/tmp</ignore> >> <ignore type="sregex">^/home/smartbiz/ >> releases/DIR2/tmp</ignore> >> <ignore type="sregex">^/home/smartbiz/ >> releases/DIR3/tmp</ignore> >> >> > Thanks >> > >> > Anuj >> > >> > >> > On Tuesday, February 18, 2014 10:29:04 AM UTC-8, dan (ddpbsd) wrote: >> >> >> >> On Tue, Feb 18, 2014 at 1:27 PM, Anuj AJ <[email protected]> wrote: >> >> > Greetings >> >> > >> >> > I have OSSEC 2.7 server agent setup and have been trying to have the >> >> > agent >> >> > ignore some specific directories. >> >> > So far the test cases have been successful, but im stuck on this in >> >> > particular - >> >> > >> >> > Trying to ignore the directories - >> >> > >> >> > /home/foo/foofoo/*/tmp >> >> > >> >> > by * i mean all the directories underneath 'foofoo', have >> >> > subdirectory >> >> > 'tmp' >> >> > that i want to ignore/exclude. >> >> > >> >> > currently i have this under the agent config >> >> > >> >> > <ignore type="sregex">^/home/smartbiz/releases/*/tmp</ignore> >> >> > >> >> >> >> I don't believe "*" is valid sregex. >> >> >> >> > Doesnt seem to work :( >> >> > >> >> > Please help. >> >> > >> >> > Thanks >> >> > AJ >> >> > >> >> > >> >> > -- >> >> > >> >> > --- >> >> > You received this message because you are subscribed to the Google >> >> > Groups >> >> > "ossec-list" group. >> >> > To unsubscribe from this group and stop receiving emails from it, >> >> > send >> >> > an >> >> > email to [email protected]. >> >> > For more options, visit https://groups.google.com/groups/opt_out. >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to the Google >> > Groups >> > "ossec-list" group. >> > To unsubscribe from this group and stop receiving emails from it, send >> > an >> > email to [email protected]. >> > For more options, visit https://groups.google.com/groups/opt_out. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
