The "<!--" and "-->" designate anything in between them as commented out. Remove them and things may work a bit more like you'd expect.
On Tue, Mar 9, 2010 at 2:26 PM, Devendra Agrawal <devendra.agra...@gmail.com> wrote:
> Hi,
>
> I want to know the syntax for auto_ignore and alert_new_files option. I
> tried the following and restarted the agent services but it doesn't alert as
> expected. I also have realtime check enabled.
>
> <syscheck>
>   <!-- Frequency that syscheck is executed - default to every 22 hours -->
>   <frequency>79200</frequency>
>   <!-- auto_ignore>no</auto_ignore-->
>   <!-- alert_new_files>yes</alert_new_files -->
>   <!-- Directories to check (perform all possible verifications) -->
>   <directories realtime="yes" check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
>   <directories realtime="yes" check_all="yes">/bin,/sbin</directories>
>
>   <!-- Files/directories to ignore -->
>   <ignore>/etc/mtab</ignore>
>   <ignore>/etc/mnttab</ignore>
>   <ignore>/etc/hosts.deny</ignore>
>   <ignore>/etc/mail/statistics</ignore>
>   <ignore>/etc/random-seed</ignore>
>   <ignore>/etc/adjtime</ignore>
>   <ignore>/etc/httpd/logs</ignore>
>   <ignore>/etc/utmpx</ignore>
>   <ignore>/etc/wtmpx</ignore>
>   <ignore>/etc/cups/certs</ignore>
>   <ignore>/etc/dumpdates</ignore>
>   <ignore>/etc/svc/volatile</ignore>
> </syscheck>
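
A small check for the problem described in the reply above, as an added example that is not part of the original thread: it lists settings in an ossec.conf-style file that sit inside XML comments and are therefore never read. The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample, shortened from the syscheck block quoted in the message.
SAMPLE = """<syscheck>
  <!-- Frequency that syscheck is executed - default to every 22 hours -->
  <frequency>79200</frequency>
  <!-- auto_ignore>no</auto_ignore-->
  <!-- alert_new_files>yes</alert_new_files -->
  <directories realtime="yes" check_all="yes">/bin,/sbin</directories>
  <ignore>/etc/mtab</ignore>
</syscheck>
"""

COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
# A comment body that is really an element with its brackets swallowed by the
# comment markers: optional "<", name, ">", value, "</name", optional ">".
DISABLED = re.compile(
    r"^\s*<?([A-Za-z_][\w.-]*)(?:\s[^>]*)?>(.*?)</\1\s*>?\s*$", re.DOTALL
)


def commented_out_options(conf_text):
    """Return (line, option, value) for each setting hidden inside a comment."""
    found = []
    for m in COMMENT.finditer(conf_text):
        hit = DISABLED.match(m.group(1))
        if hit:  # descriptive comments (plain prose) do not match
            line = conf_text.count("\n", 0, m.start()) + 1
            found.append((line, hit.group(1), hit.group(2).strip()))
    return found


def active_options(conf_text):
    """Return the element names that remain once comments are stripped."""
    stripped = COMMENT.sub("", conf_text)
    return set(re.findall(r"<([A-Za-z_][\w.-]*)[\s>]", stripped))


if __name__ == "__main__":
    for line, name, value in commented_out_options(SAMPLE):
        print(f"line {line}: <{name}> is commented out (value {value!r})")
    print("active:", sorted(active_options(SAMPLE)))
```
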