Hi Ricardo, Yes, you can use wildcards in there by setting the type to sregex. They just need to be in the "ossec regex" format. This is how we ignore Windows files:
<ignore type="sregex">.log$|.htm$|.jpg$|.png$|.chm$|.pnf$</ignore> Or you can ignore them using the rules directly, where you have much more flexibility (per agent, per time, regexes, etc). Example: <rule id="100111" level="0"> <if_group>syscheck</if_group> <match>/etc/www/logs</match> <description>Ignoring /etc/www/logs change.</description> </rule> Hope it helps. -- Daniel B. Cid dcid ( at ) ossec.net On Tue, Jul 8, 2008 at 4:53 PM, Ricardo Cantu <[EMAIL PROTECTED]> wrote: > > Can wildcards be used in the <ignore> container for the <syscheck> section in > the ossec.conf file? > > Example: > <ignore>/somepath/somefile*</ignore> > > > -- > Computer Services > Ricardo Cantu > Vice President > > Home office > 3506 Buchanan St Suite C > Wichita Falls, TX 76308 > (940) 696-3010 > > El Paso branch > 14553 Desierto Lindo Ave > El Paso, TX 79928 > (915) 219-7119 > >
