Are you sure your config is not working?
I just tested this and it works for me:
<directories check_all="yes" restrict=".txt1|.txt2">/root</directories>
I created three test files:
root@vpc-ossec-manager:~# ls test.txt*
test.txt1 test.txt2 test.txt3
And this is what I get in my syscheck file:
root@vpc-ossec-manager:~# cat /var/ossec/queue/syscheck/syscheck | grep test.txt
+++3:33188:0:0:764efa883dda1e11db47671c4a3bbd9e:55ca6286e3e4f4fba5d0448333fa99fc5a404a73 !1453933436 /root/test.txt1
+++5:33188:0:0:d8e8fca2dc0f896fd7cb4cb0031ba249:4e1243bd22c66e76c2ba9eddc1f91394e57f9f83 !1453933436 /root/test.txt2
There is nothing for test.txt3.
I am using version 2.9 (development branch).
Best
On Tue, Jan 26, 2016 at 4:34 PM, Luke Hansey <[email protected]>
wrote:
> If I use:
>
> <directories check_all="yes" restrict=".php|.js">/var/www/vhosts/</directories>
>
> syscheck logs no changes to any file.
>
> If I use:
>
> <directories check_all="yes">/var/www/vhosts/</directories>
>
> Works fine and logs changes to any file.
>
> Am I missing something when using the *restrict* option?
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
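As an added example (not from the thread or the OSSEC project): a small Python check that parses syscheck queue lines in the layout shown in the reply and lists expected files that have no entry, which is how a `restrict` pattern matching less than intended shows up. The field names (size, mode, uid, gid, MD5, SHA-1, timestamp) and the helper names are assumptions read off that output.

```python
import re
import stat
from typing import NamedTuple

class Entry(NamedTuple):
    size: int
    mode: str       # rendered like `ls -l`, e.g. -rw-r--r--
    uid: int
    gid: int
    md5: str
    sha1: str
    timestamp: int  # assumed to be Unix epoch seconds
    path: str

# Layout read off the output in the reply: a three-character prefix ("+++"),
# six colon-separated fields, then "!<number> <path>". Field meanings assumed.
LINE = re.compile(
    r"^\D{3}(\d+):(\d+):(\d+):(\d+):([0-9a-f]{32}):([0-9a-f]{40})"
    r"\s+!(\d+)\s+(.+)$"
)

# The two entries from the reply, each on one line.
SAMPLE = """\
+++3:33188:0:0:764efa883dda1e11db47671c4a3bbd9e:55ca6286e3e4f4fba5d0448333fa99fc5a404a73 !1453933436 /root/test.txt1
+++5:33188:0:0:d8e8fca2dc0f896fd7cb4cb0031ba249:4e1243bd22c66e76c2ba9eddc1f91394e57f9f83 !1453933436 /root/test.txt2
"""

def parse_syscheck(text):
    """Return {path: Entry} for every line that matches the layout."""
    entries = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # skip blank or unrecognised lines instead of failing
        size, mode, uid, gid, md5, sha1, ts, path = m.groups()
        entries[path] = Entry(int(size), stat.filemode(int(mode)), int(uid),
                              int(gid), md5, sha1, int(ts), path)
    return entries

def uncovered(expected_paths, entries):
    """Paths that should be monitored but have no syscheck entry."""
    return sorted(p for p in expected_paths if p not in entries)

if __name__ == "__main__":
    db = parse_syscheck(SAMPLE)
    for e in db.values():
        print(e.path, e.mode, e.size, e.sha1)
    wanted = [f"/root/test.txt{i}" for i in (1, 2, 3)]
    print("no entry:", uncovered(wanted, db))
```
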