On Wed, Dec 17, 2014 at 10:50 AM, Abhi <[email protected]> wrote:
> Hi,
>
> I wanted to monitor all files of type *.trg to make sure we get an alert each
> time the integrity of any such file changes within a particular directory.
> For using a wild card like *.trg, should I be using a <localfile> tag, or a
> <directory>?
>
> When I am using a localfile tag, OSSEC prints the following two messages:
>
> ERROR "unable to open file C:\ Path\*.trg
> INFO: File not available, ignoring it: C:\ Path \*.trg"
>

localfiles is for log files to be monitored.

> and when used with the directory tag, it says "WARN: Error opening
> directory: 'C:\Path\*.trg"
>
> We only want to monitor files of type "trg". Other files in that directory
> don't need integrity monitoring.
>

I can't remember if globbing works on Windows or not (I might be thinking of localfiles), but restrict should work. Try something like:

<directories check_all="yes" restrict=".trg">C:/path</directories>

> Please advise.
>
> Thanks
>
> ~Abhi
