On Thu, Mar 19, 2020 at 4:59 PM Leroy Tennison <leroy.tenni...@gmail.com> wrote: > > Running v3.3.0 on the server and v3.2.0 on the client, trying to exclude > *.bz2 in a given directory, I tried: > > <agent_config profile="bfr"> > <syscheck> > <ignore type="sregex">/path/to/.bz2$</ignore>
I think this will ignore '/path/to/.bz2' and only that file. > </syscheck> > </agent_config> > > based on another post. I obviously don't understand how to do it because > it's not working. /var/ossec/etc/shared/agent.conf shows the above and > ossec.conf on the client has: > > <ossec_config> > <client> > <server-ip>10.22.14.11</server-ip> > <config-profile>bfr, cfg, ubuntu</config-profile> > </client> > > I've also tried the above with the qcow2 extension and get the same result. > > In general, how do I write an OSSEC specification to exclude all files with a > given extension? Thanks for your help. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ossec-list+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ossec-list/6b541572-515d-4346-9fc7-cc57a5f2b76b%40googlegroups.com. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/CAMyQvMr2daWp-F8hD1uK_jGy6QnSB6%3D4EF_zM2Ld0Ga9Zf7Hvw%40mail.gmail.com.