I have a large number of applications that I need to monitor, and I was
wondering if there is a syscheck configuration option that I can use that
will not scan certain directories and/or files (similar to the way
skip_nfs aborts syschecks). I have my agent_conf set to ignore the
directories that I want to ignore; however, syscheck still scans on the
agents and creates entries in /var, potentially filling up disk space. Given
the large number of apps that we have, writing custom rules to remedy this
is tedious.
I have my agent configuration scanning in real time like this:

<directories check_all="yes" realtime="yes" report_changes="yes">path/to/dir</directories>
<ignore>path/to/logs</ignore>

This is what is listed in the documentation. Is there a config option
anyone can think of that will help with my issue?

ignore

List of files or directories to be ignored (one entry per element). *The
files and directories are still checked, but the results are ignored.*

*Default:* /etc/mtab

*Attributes:*

- *type*: Value=sregex
  - This is a simple regex pattern to filter out files so alerts are not
    generated.