Sorry for the late response ... Could you give me an example .. I have been struggling to implement the hierarchy you mentioned, where one rule would check for - "/home/smartbiz/releases" and the other child looks for "/tmp$".
Perhaps the block of config that I would put in ossec.conf on the agent side. Hoping for best.

Thanks
AJ

On Tuesday, February 18, 2014 11:19:06 AM UTC-8, dan (ddpbsd) wrote:
>
> On Tue, Feb 18, 2014 at 2:15 PM, Anuj AJ <[email protected]> wrote:
> > Oh .. sorry .. I wasn't clear ... the directories denoted by * get
> > dynamically added frequently (as you can see like releases).
> >
> > <ignore type="sregex">^/home/smartbiz/releases/DIR1/tmp</ignore>
> > <ignore type="sregex">^/home/smartbiz/releases/DIR2/tmp</ignore>
> > ..
> > ..
> >
> > So if there is any way that OSSEC can skip just the 'tmp' directories under
> > those directories ?
> >
>
> Eh, probably.
> Maybe try chaining rules. First one does a match for
> "/home/smartbiz/releases" and the child looks for "/tmp$" or
> something.
>
> >
> > On Tuesday, February 18, 2014 11:08:34 AM UTC-8, dan (ddpbsd) wrote:
> >>
> >> On Tue, Feb 18, 2014 at 2:06 PM, Anuj AJ <[email protected]> wrote:
> >> > Was thinking the same, since some other permutations of '*' wasn't
> >> > working either.
> >> >
> >> > Is there any other way I can accomplish what I seek ??
> >> > Would really appreciate the help.
> >> >
> >>
> >> <ignore type="sregex">^/home/smartbiz/releases/DIR1/tmp</ignore>
> >> <ignore type="sregex">^/home/smartbiz/releases/DIR2/tmp</ignore>
> >> <ignore type="sregex">^/home/smartbiz/releases/DIR3/tmp</ignore>
> >>
> >> > Thanks
> >> >
> >> > Anuj
> >> >
> >> > On Tuesday, February 18, 2014 10:29:04 AM UTC-8, dan (ddpbsd) wrote:
> >> >>
> >> >> On Tue, Feb 18, 2014 at 1:27 PM, Anuj AJ <[email protected]> wrote:
> >> >> > Greetings
> >> >> >
> >> >> > I have OSSEC 2.7 server agent setup and have been trying to have the
> >> >> > agent ignore some specific directories.
> >> >> > So far the test cases have been successful, but I'm stuck on this in
> >> >> > particular -
> >> >> >
> >> >> > Trying to ignore the directories -
> >> >> >
> >> >> > /home/foo/foofoo/*/tmp
> >> >> >
> >> >> > by * I mean all the directories underneath 'foofoo', have subdirectory
> >> >> > 'tmp' that I want to ignore/exclude.
> >> >> >
> >> >> > currently I have this under the agent config
> >> >> >
> >> >> > <ignore type="sregex">^/home/smartbiz/releases/*/tmp</ignore>
> >> >> >
> >> >>
> >> >> I don't believe "*" is valid sregex.
> >> >>
> >> >> > Doesn't seem to work :(
> >> >> >
> >> >> > Please help.
> >> >> >
> >> >> > Thanks
> >> >> > AJ

--

---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
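
The per-directory `<ignore>` lines listed in the thread can be regenerated whenever a release directory is added. The script below is an added example, not code from the thread or from OSSEC; the function names and the sample tree are assumptions made for illustration. Because sregex treats `^`, `$` and `|` as operators, a directory name containing one of them cannot be written as a literal and is reported instead of emitted.

```python
import os
import tempfile
from xml.sax.saxutils import escape

# Characters OSSEC's sregex treats as operators; a name containing one
# cannot be matched literally, so it is reported instead of emitted.
SREGEX_SPECIAL = set("^$|")


def build_ignore_lines(releases_root, config_root=None):
    """Return (ignore_lines, skipped_names) for every <release>/tmp directory.

    releases_root: directory scanned on disk.
    config_root:   path written into the config (defaults to releases_root),
                   so a scratch copy of the tree can be scanned.
    """
    config_root = (config_root or releases_root).rstrip("/")
    lines, skipped = [], []
    for name in sorted(os.listdir(releases_root)):
        # Only releases that actually contain a tmp directory get a line.
        if not os.path.isdir(os.path.join(releases_root, name, "tmp")):
            continue
        if SREGEX_SPECIAL & set(name):
            skipped.append(name)
            continue
        path = "%s/%s/tmp" % (config_root, name)
        # escape() keeps names containing & or < valid inside ossec.conf.
        lines.append('<ignore type="sregex">^%s</ignore>' % escape(path))
    return lines, skipped


def demo():
    # Constructed sample tree standing in for /home/smartbiz/releases.
    with tempfile.TemporaryDirectory() as root:
        for name in ("DIR1", "DIR2", "odd|name"):
            os.makedirs(os.path.join(root, name, "tmp"))
        os.makedirs(os.path.join(root, "DIR3", "log"))  # no tmp: no line
        return build_ignore_lines(root, "/home/smartbiz/releases")


if __name__ == "__main__":
    ignore_lines, skipped_names = demo()
    print("\n".join(ignore_lines))
    for name in skipped_names:
        print("not expressible in sregex, still monitored: " + name)
```

The generated lines belong inside the `<syscheck>` section of the agent's ossec.conf.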
