Okay it was too easy, that i thougt it does't work ;) You simple use the * Symbol
/opt/ossec/etc/shared/agent.conf: ... <directories check_all="yes">/opt/apache-tomcat*</directories> ... LogOutput: 2014/08/11 14:27:11 ossec-syscheckd: INFO: Monitoring directory: '/opt/apache-tomcat-VERSION1'. 2014/08/11 14:27:11 ossec-syscheckd: INFO: Monitoring directory: '/opt/apache-tomcat-VERSION2'. 2014/08/11 14:27:11 ossec-syscheckd: INFO: Monitoring directory: '/opt/apache-tomcat-VERSION3'. Am Montag, 11. August 2014 13:15:32 UTC+2 schrieb dan (ddpbsd): > > > On Aug 11, 2014 7:01 AM, "Alexander Pietrasch" <[email protected] > <javascript:>> wrote: > > > > > > > > Am Montag, 11. August 2014 12:54:59 UTC+2 schrieb Alexander Pietrasch: > >> > >> Hey there, > >> > >> i think i need a little bit help for the regex in Ossec. > >> > >> I have 3 directorys > >> > >> /opt/apache-tomcat-VERSION1 > >> /opt/apache-tomcat-VERSION2 > >> /opt/apache-tomcat-VERSION3 > >> > >> and i only want to integrity file check this 3 directorys in /opt/. > Everything else should not get checked. > >> > >> I tried it with > >> > >> <syscheckk> > >> <directories realtime="yes" check_all="yes" > regex=>^/opt/apache-tomcat-</directories> > >> </syscheck> > >> > >> But it doesn't work. > >> > >> Questions: > > > > > > 1. Does work regex for <directorys> > > Don't think so, but I haven't tried it. Give it a shot, report back. > Whatever that is above is obviously wrong, don't try that one. > > > 2. How can i regex this 3 Directorys > > > > Try adding a regex (probably sregex). If that doesn't work, try a glob. If > that doesn't work, add the 3 directories by hand. > > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "ossec-list" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
