[osiris] Re: osiris 4.2.0
Dave
dave at terriblelies.net
Wed May 30 11:00:07 EDT 2007
Orlando Prince wrote:
> One more question, please
>
> Is there a way to filter the content of the e-mail coming to me?
>
> I want to be able to specify what File Systems I want to get a report on.
> For instance, do I need to do anything about lines like below in the
> e-mail report, and what can I do if I don't want to have them in the report?
>
> Thanks
>
> [211][servername][cmp][/etc/.syslog_door][mtime][Sun May 27 23:55:00
> 2007][Mon May 28 23:55:00 2007]
> [213][servername]cmp][/etc/.syslog_door][ctime][Sun May 27 23:55:00
> 2007][Mon May 28 23:55:00 2007]
> 213][servername][cmp][/etc/init.d/init.wbem][ctime][Sun May 27 00:26:30
> 2007][Mon May 28 22:30:59 2007]
> [213][servername][cmp][/etc/init.d/jfbinit][ctime][Sun May 27 00:26:30
> 2007][Mon May 28 22:30:59 2007]

You can filter using two methods. The first method involves creating
regular expressions to ignore certain log messages during a scan as
explained in the Osiris Handbook here:
http://osiris.shmoo.com/handbook.html#part2_chap5

Using edit-filters you would create a filter like this to ignore the
ctime and mtime changes for /etc/.syslog_door on all hosts:

    \[cmp\]\[\/etc\/\.syslog_door\]\[(mtime|ctime)\]

The other method is to create a new scan config and exclude certain
files or directories from being scanned. This is detailed in chapter 6
of the Osiris Handbook: http://osiris.shmoo.com/handbook.html#part2_chap6

-dave
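
An added example, not part of the original post and not Osiris code: it runs the filter from the reply over the report lines quoted in the question (unwrapped to one line each) to check what the filter hides and what is still reported. It assumes a filter drops a line when the regular expression matches anywhere in it, with Python's re module standing in for Osiris's regex engine; the last two sample lines and the BROAD pattern are constructed for comparison.

```python
import re

# The filter from the reply above, verbatim.
NARROW = r"\[cmp\]\[\/etc\/\.syslog_door\]\[(mtime|ctime)\]"
# Hypothetical over-broad filter, for comparison only.
BROAD = r"syslog_door"

# Constructed sample: the four report lines quoted in the thread, unwrapped,
# plus two constructed probes (a look-alike path, and a made-up "size"
# attribute with a placeholder message code) to test the filter's scope.
REPORT = """\
[211][servername][cmp][/etc/.syslog_door][mtime][Sun May 27 23:55:00 2007][Mon May 28 23:55:00 2007]
[213][servername][cmp][/etc/.syslog_door][ctime][Sun May 27 23:55:00 2007][Mon May 28 23:55:00 2007]
[213][servername][cmp][/etc/init.d/init.wbem][ctime][Sun May 27 00:26:30 2007][Mon May 28 22:30:59 2007]
[213][servername][cmp][/etc/init.d/jfbinit][ctime][Sun May 27 00:26:30 2007][Mon May 28 22:30:59 2007]
[213][servername][cmp][/etc/.syslog_door.bak][ctime][Sun May 27 23:55:00 2007][Mon May 28 23:55:00 2007]
[000][servername][cmp][/etc/.syslog_door][size][0][4096]
"""

def path_and_attr(line):
    """Pull (path, attribute) out of a [code][host][module][path][attr]... line."""
    fields = re.findall(r"\[([^\]]*)\]", line)
    return fields[3], fields[4]

def apply_filters(report, filters):
    """Split report lines into (kept, suppressed) lists of (path, attribute).

    Assumption: a line is dropped when any filter matches anywhere in it.
    """
    compiled = [re.compile(f) for f in filters]
    kept, suppressed = [], []
    for line in filter(None, map(str.strip, report.splitlines())):
        hit = any(p.search(line) for p in compiled)
        (suppressed if hit else kept).append(path_and_attr(line))
    return kept, suppressed

if __name__ == "__main__":
    for name, flt in (("narrow", NARROW), ("broad", BROAD)):
        kept, suppressed = apply_filters(REPORT, [flt])
        print(f"{name}: suppressed={suppressed}")
        print(f"{name}: still reported={kept}")
```

The bracketed filter hides only the mtime and ctime changes for that one path, while the broad pattern also hides the look-alike path and the other attribute change on the same file.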