Hello, you still have some choices: - move the files to another directory outside the /etc tree. This would make most sense since they dont really belong there from the "filetype" point of view. But i am sure you already checked this and depending on the product it may not be possible. - ignore /etc/SOMEDIR - which you seem to do now - <ignore type="sregex">.data$</ignore> which maybe an idea too since this extension is not really common.
The latter 2 will still scan the files (it doesnt copy them to the queue directory if i tested it right) and will compute their checksums. But they wont be reported to the server from what i see. Sadly i messed up my manager-client test installation due to the tests and need to set it up again (manually deleted the checksum files in queue/syscheck and they dont get generated anymore - even after a syscheck_control -u), but on a local install the files just got ignored. Cheers Thorsten -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
