Thank you :) Setup match and regex in rules, worked for me
<rule id="100004" level="0"> > <if_group>syscheck</if_group> > <match> '/var/lib/tomcat7/OFFLINE/</match> > <regex> '\.+.pdf'| '\.+.odt'</regex> > <description>Ignore OFFLINE documents</description> > </rule> No luck with ignore with type="sregex" <ignore type="^sregex">/var/lib/tomcat7/OFFLINE/\.*.pdf</ignore> -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
