Hi, I have directories (/var/www/*) containing over 20 million files (inodes), and rootcheck takes many hours to complete each day because of it. I'd like to completely exclude this directory from rootcheck scans to reduce the load.
>From what I understand, using the <ignore> option in the <rootcheck> section only suppresses the warning but doesn't prevent rootcheck from scanning the directory itself. Is there a supported way to completely skip a specific directory from rootcheck processing? Thanks in advance for any guidance. -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/ossec-list/90ac195f-3411-4c1d-88e5-0594bbdf4eedn%40googlegroups.com.
