Hi,
Can someone please help with the regex? I want to exclude all the .jpg
files in xxx/xxx/,
I have config in ossec.conf below:
<alert_new_files>yes</alert_new_files>
<directories check_all="yes">/home/xxx</directories>
<ignore>/home/xxx/xxx/\S*\.jpg</ignore>
</syscheck>
However it seems it's still not ignoring all the jpg files, still getting
alerts for all the new jpg files.
Also used 'ossec-regex' for testing,
> /var/ossec/bin/ossec-regex '/home/xxx/xxx/\S*\.jpg'
> New file '/home/xxx/xxx/yyy.jpg' added to the file system.
+OSRegex_Execute: New file '/home/xxx/xxx/yyy.jpg' added to the file system.
+OS_Regex : New file '/home/thefanatics/yyy.jpg' added to the file
system.
^C
Seems to be matching.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
