[Aide] question about dealing with expected files

Keith Constable kccricket at gmail.com
Tue Mar 19 16:26:08 EET 2013


On Mon, Mar 18, 2013 at 8:21 PM, Smith, Cathy <cathy.smith at pnnl.gov> wrote:

>
>  Hi
>
> I have a question about dealing with expected files in the /var/log
> directory.   Is there a way to exclude files such as those in /var/log/sa
> that are normally added/dropped daily?   I’m running Red Hat’s RHEL6.2
> distribution of aide, aide-0.14.3.  I’ve tried just to have aide ignore
> them, but the files are still listed under the daily added and dropped
> sections of the log:
>         /var/log/sa NORMAL
>         !/var/log/sa/sa[0-9][0-9]$
>         !/var/log/sa/sar[0-9][0-9]$
>

>From the Aide manual: "It is generally a good idea to write the most
general rules last."

Try rearranging the rules like so:
        !/var/log/sa/sa[0-9][0-9]$
        !/var/log/sa/sar[0-9][0-9]$
        /var/log/sa NORMAL

Be specific first and broad later.

Regards,

Keith Constable
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.cs.tut.fi/pipermail/aide/attachments/20130319/c40a4363/attachment-0001.html 


More information about the Aide mailing list