On Fri, Sep 21, 2018 at 3:57 AM <[email protected]> wrote: > > Hi, > > I'm trying to configure sregex in my ossec config file to avoid integrity > alerts for files like <something>.log and <something>.log.[Aa-Zz/0-9] . E.g. > I want to skip files like /var/service/ngnix.log and /var/service/ngnix.log.1 > > However, I can not make it work. I have reviewed the OSSEC documentation and > searched the Internet but I can not and I feel desperate. > > This is what I have: > > <ignore type="sregex">.log$|.log.*|.tmp|.old$|.pid</ignore> > > What I am doing wrong? Can somebody help me, please? >
File globbing is not part of sregex: http://www.ossec.net/docs/syntax/regex.html?highlight=sregex#os-match-sregex-syntax The documentation for "ignore" says: List of files or directories to be ignored (one entry per element). Which leads me to believe each of those entries should be a separate "<ignore>" entry. > > Thanks, > Julian > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
