Hi,

That page, which I've been to before, is like the rest of the OSSEC documentation, sparse and not very clear. ;) It doesn't even say anything about "sregex" or which one is used within the <ignore> statement. I looked at the code and <ignore> seems to use the os_match library though.

-----Original Message-----
From: ossec-list@googlegroups.com [mailto:ossec-l...@googlegroups.com] On Behalf Of dan (ddp)
Sent: Tuesday, August 03, 2010 6:08 PM
To: ossec-list@googlegroups.com
Subject: Re: [ossec-list] File integrity checking ignore syntax

The sregex syntax is VERY limited. This explains the syntax:
http://www.ossec.net/wiki/Know_How:Regex_Readme

On Tue, Aug 3, 2010 at 6:17 PM, Jefferson, Shawn <shawn.jeffer...@bcferries.com> wrote:
> Hi,
>
> I'm monitoring a directory that contains application files and logs. I'd
> like to ignore the logs. The filenames are in the format: blahblah.log.1 or
> blahblah.log.22 (one or two digits indicating the day of the month.)
>
> I thought that this might do it, but doesn't seem to be working:
>
> <ignore type="sregex">.log.\d+$</ignore>
>
> What am I doing wrong here?
>
> Thanks,
> Shawn
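
Added example, not part of the original thread and not OSSEC's code: a simplified Python model of sregex (os_match) matching, assuming, from the OSSEC regex documentation rather than from this thread, that only `^`, `$` and `|` are special and every other character is literal. It shows why the posted pattern misses the rotated logs and checks a digit-free alternation for days 1 to 31; the function names and sample paths are constructed.

```python
def sregex_match(pattern: str, text: str) -> bool:
    """Simplified model of OSSEC sregex: '|' separates alternatives,
    a leading '^' anchors at the start, a trailing '$' at the end.
    Everything else, including '.', '\\d' and '+', is a literal character.
    Case handling is not modelled."""
    for alt in pattern.split("|"):
        begin = alt.startswith("^")
        lit = alt[1:] if begin else alt
        end = lit.endswith("$")
        if end:
            lit = lit[:-1]
        if not lit:
            continue  # model choice: an empty alternative matches nothing
        if begin and end:
            hit = text == lit
        elif begin:
            hit = text.startswith(lit)
        elif end:
            hit = text.endswith(lit)
        else:
            hit = lit in text
        if hit:
            return True
    return False


def day_suffix_pattern() -> str:
    """Build an alternation that lists each day-of-month suffix literally,
    since the model has no digit class: .log.1$|.log.2$|...|.log.31$"""
    return "|".join(f".log.{day}$" for day in range(1, 32))


# The pattern from the post and constructed sample paths.
POSTED = r".log.\d+$"
SAMPLES = [
    "/opt/app/blahblah.log.1",
    "/opt/app/blahblah.log.22",
    "/opt/app/blahblah.conf",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path:28} posted={sregex_match(POSTED, path)!s:5} "
              f"enumerated={sregex_match(day_suffix_pattern(), path)}")
```

Under this model the posted pattern only matches a path that literally ends in `.log.\d+`, while the enumerated form ignores exactly the 31 day suffixes and leaves every other file in the directory under integrity monitoring.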