You need to tell ossec that you are using regex in your ignore list like <ignore type="sregex">^/etc/SOMEDIR/\+.data$</ignore>
Look here: http://ossec-docs.readthedocs.org/en/latest/manual/syscheck/index.html#configuration-examples Hope that helps. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
