Hey folks,

Suppose I have /var/log set to <ignore>. What if I wanted to be alerted to a certain type of log that was dropped into this directory? Is it possible to add a certain regex/pattern to the <include> if the log exhibits unique patterns? For example, if I wanted to know if people are clearing their logs and I have that directory set to ignore, can I make an exception?
