[osiris] RE : Re: filters syntax

Baptiste LEMARIE baptiste_lemarie at yahoo.fr
Mon Jul 30 04:23:22 EDT 2007


hi,

That works well.

thx :)

dave at terriblelies.net wrote:
> hi,
>
> I'm using osiris 4.2.3
> I would like to create a filter to avoid checking the "ctime" property.
> How can I do this?
> I can't find any documentation on filter syntax.
>
> Thanks for your help.


Filters for osiris work on a regular expression against the log output
from a scan.  For example, if you have a file that changes in ctime you
will receive a message such as this:

[213][hostA][cmp][/opt/tmpfile][ctime][Tue Jul 17 10:56:26 2007][Sun Jul 22 16:14:40 2007]

If you want to create a filter to ignore this message, add a line to
your filters that looks like this:

\[hostA\]\[cmp\]\[\/opt\/tmpfile\]\[ctime\]

That will match only that file's ctime for hostA.  If you wanted to have
this take effect across all hosts, just remove the \[hostA\] part.  If
you want to do both mtime and ctime, use \[(mtime|ctime)\] instead of
\[ctime\].

Hope this helps, let us know if you have more questions.

-dave

_______________________________________________
osiris mailing list
osiris at lists.shmoo.com
https://lists.shmoo.com/mailman/listinfo/osiris
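
The filters described in the message above can be checked against sample log lines before they are added, to see exactly which changes each one hides. This is an added example, not part of the original thread or of osiris itself. It assumes Python's `re` module treats these patterns the same way as the regex engine osiris uses; every log line except the first is constructed, and the "too broad" filter is hypothetical.

```python
import re

# Constructed sample lines in the format of the message quoted above; the
# first is that message's own example, the rest vary host, path or attribute.
DATES = "[Tue Jul 17 10:56:26 2007][Sun Jul 22 16:14:40 2007]"
SAMPLE_LOG = [
    "[213][hostA][cmp][/opt/tmpfile][ctime]" + DATES,
    "[213][hostB][cmp][/opt/tmpfile][ctime]" + DATES,
    "[213][hostA][cmp][/opt/tmpfile][mtime]" + DATES,
    "[213][hostA][cmp][/opt/tmpfile.bak][ctime]" + DATES,
    "[213][hostA][cmp][/etc/passwd][ctime]" + DATES,
]

FILTERS = {
    "one host, ctime": r"\[hostA\]\[cmp\]\[\/opt\/tmpfile\]\[ctime\]",
    "all hosts, ctime": r"\[cmp\]\[\/opt\/tmpfile\]\[ctime\]",
    "all hosts, mtime or ctime": r"\[cmp\]\[\/opt\/tmpfile\]\[(mtime|ctime)\]",
    # Not from the thread: shows what dropping the path as well would hide.
    "too broad": r"\[ctime\]",
}


def suppressed(pattern, lines):
    """Return the indexes of the lines a filter would hide.

    Assumption: the filter is searched for anywhere in the line (it does not
    have to start at the leading [213] field), as the quoted example implies.
    """
    rx = re.compile(pattern)
    return [i for i, line in enumerate(lines) if rx.search(line)]


def reported(patterns, lines):
    """Return the lines that survive a whole filter list."""
    compiled = [re.compile(p) for p in patterns]
    return [l for l in lines if not any(rx.search(l) for rx in compiled)]


if __name__ == "__main__":
    for name, pattern in FILTERS.items():
        print(f"{name:28} hides lines {suppressed(pattern, SAMPLE_LOG)}")
```

Because each field keeps its escaped brackets, `\[\/opt\/tmpfile\]` does not match `/opt/tmpfile.bak`, while a filter reduced to `\[ctime\]` alone would also hide the `/etc/passwd` line.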
