[osiris] Re: filters syntax
dave at terriblelies.net
Mon Jul 23 18:12:00 EDT 2007
> hi,
>
> I'm using osiris 4.2.3
> I would like to create a filter to avoid checking the "ctime" property.
> How can I do this?
> I can't find any documentation on the filter syntax.
>
> Thanks for your help.
Filters for osiris work on a regular expression against the log output
from a scan. For example, if you have a file that changes in ctime you
will receive a message such as this:
[213][hostA][cmp][/opt/tmpfile][ctime][Tue Jul 17 10:56:26 2007][Sun Jul 22 16:14:40 2007]
If you want to create a filter to ignore this message, add a line to
your filters that looks like this:
\[hostA\]\[cmp\]\[\/opt\/tmpfile\]\[ctime\]
That will match only that file's ctime for hostA. If you wanted to have
this take effect across all hosts, just remove the \[hostA\] part. If
you want to do both mtime and ctime, use \[(mtime|ctime)\] instead of
\[ctime\].
Hope this helps, let us know if you have more questions.
-dave
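
A way to check what each filter from the reply above would hide before adding it, as an added example that is not part of the original message or of osiris itself. It uses Python's re module as a stand-in for the osiris matcher and assumes a filter drops a log line when the regex matches anywhere in it; every sample line except the first is constructed.

```python
import re

# The three filter variants described in the reply, one regex each.
FILTERS = {
    "hostA ctime": r"\[hostA\]\[cmp\]\[\/opt\/tmpfile\]\[ctime\]",
    "any host ctime": r"\[cmp\]\[\/opt\/tmpfile\]\[ctime\]",
    "any host mtime|ctime": r"\[cmp\]\[\/opt\/tmpfile\]\[(mtime|ctime)\]",
}

# Line 0 is the message quoted in the reply; lines 1-4 are constructed
# in the same format to probe what else a filter might swallow.
D = "[Tue Jul 17 10:56:26 2007][Sun Jul 22 16:14:40 2007]"
SAMPLE_LOG = [
    "[213][hostA][cmp][/opt/tmpfile][ctime]" + D,
    "[213][hostB][cmp][/opt/tmpfile][ctime]" + D,
    "[213][hostA][cmp][/opt/tmpfile][mtime]" + D,
    "[213][hostA][cmp][/opt/tmpfile2][ctime]" + D,
    "[213][hostA][cmp][/etc/passwd][ctime]" + D,
]


def suppressed(pattern, lines):
    """Return indexes of the log lines the filter regex would hide.

    Assumption: unanchored search semantics (match anywhere in the line).
    """
    rx = re.compile(pattern)
    return [i for i, line in enumerate(lines) if rx.search(line)]


def report(filters, lines):
    """Print, per filter, which sample lines stay visible."""
    for name, pattern in filters.items():
        hidden = suppressed(pattern, lines)
        print(f"{name}: {pattern}")
        for i, line in enumerate(lines):
            state = "hidden  " if i in hidden else "reported"
            print(f"  {state} {line}")


if __name__ == "__main__":
    report(FILTERS, SAMPLE_LOG)
```

Because the bracket after the path is part of each pattern, /opt/tmpfile2 stays reported under all three filters, as does any change to a file the filter does not name.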