[Aide] question about dealing with expected files
Keith Constable
kccricket at gmail.com
Tue Mar 19 16:26:08 EET 2013
On Mon, Mar 18, 2013 at 8:21 PM, Smith, Cathy <cathy.smith at pnnl.gov> wrote:
>
> Hi
>
> I have a question about dealing with expected files in the /var/log
> directory. Is there a way to exclude files such as those in /var/log/sa
> that are normally added/dropped daily? I’m running Red Hat’s RHEL6.2
> distribution of aide, aide-0.14.3. I’ve tried just to have aide ignore
> them, but the files are still listed under the daily added and dropped
> sections of the log:
> /var/log/sa NORMAL
> !/var/log/sa/sa[0-9][0-9]$
> !/var/log/sa/sar[0-9][0-9]$
>
>From the Aide manual: "It is generally a good idea to write the most
general rules last."
Try rearranging the rules like so:
!/var/log/sa/sa[0-9][0-9]$
!/var/log/sa/sar[0-9][0-9]$
/var/log/sa NORMAL
Be specific first and broad later.
Regards,
Keith Constable
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.cs.tut.fi/pipermail/aide/attachments/20130319/c40a4363/attachment-0001.html
More information about the Aide
mailing list