[Aide] Monitoring log files

Sonixxfx sonixxfx at gmail.com
Fri Dec 8 12:50:48 EET 2006


Ok, thanks Richard.

I want to monitor /etc/mtab and I only want to be informed about it when
something changes of p+n+u+g of that file.
I would like to monitor /etc with p+i+n+u+g+s+b+m+c+md5+sha1.

Can you show me how I can do that? I have tried to set it up myself but
without success. When something other than p+n+u+g of /etc/mtab changes,
aide shows me that /etc is changed, but I don't want that.

Regards,

Ben



2006/12/8, Richard van den Berg <richard at vdberg.org>:
>
> Sonixxfx wrote:
> > I would like to ask another question. I don't understand in what way "="
> > works. Can you explain to me if it would be used on a directory, say
> > "/etc", to which part of the directory it would apply then? And if it
> > would be used on a file, what effect would it have then?
>
> Equals rules are simple rules, do not support regular expressions, and
> no recursion occurs. So
>
> =/etc R
>
> Would just add the /etc directory itself, but not the files in it.
>
> =/etc/hosts R
>
> Would just add the /etc/hosts file.
>
> Sincerely,
>
> Richard van den Berg
> _______________________________________________
> Aide mailing list
> Aide at cs.tut.fi
> https://mailman.cs.tut.fi/mailman/listinfo/aide
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.tut.fi/pipermail/aide/attachments/20061208/0b7687c9/attachment.html 


More information about the Aide mailing list