[osiris] Re: osiris 4.2.0

[Orlando Prince]

Thanks

Dave <dave at terriblelies.net> wrote:  Orlando Prince wrote:
> One more question, please 
> 
> Is there a way to filter the content of the e-mail coming to me?
> 
> I want to be able to specify what File Systems I want to get report on
> For instance, do I need to do anything about lines like below in the 
> e-mail report, and what can I do if I don't want to have them in the report?
> 
> Thanks
> 
> [211][servername][cmp][/etc/.syslog_door][mtime][Sun May 27 23:55:00 
> 2007][Mon May 28 23:55:00 2007]
> [213][servername]cmp][/etc/.syslog_door][ctime][Sun May 27 23:55:00 
> 2007][Mon May 28 23:55:00 2007]
> 213][servername][cmp][/etc/init.d/init.wbem][ctime][Sun May 27 00:26:30 
> 2007][Mon May 28 22:30:59 2007]
> [213][servername][cmp][/etc/init.d/jfbinit][ctime][Sun May 27 00:26:30 
> 2007][Mon May 28 22:30:59 2007]

You can filter using two methods. The first method involves creating 
regular expressions to ignore certain log messages during a scan as 
explained in the Osiris Handbook here: 
http://osiris.shmoo.com/handbook.html#part2_chap5

Using edit-filters you would create a filter like this to ignore the 
ctime and mtime changes for /etc/.syslog_door on all hosts:

\[cmp\]\[\/etc\/\.syslog_door\]\[(mtime|ctime)\]

The other method is to create a new scan config and exclude certain 
files or directories from being scanned. This is detailed in chapter 6 
of the Osiris Handbook: http://osiris.shmoo.com/handbook.html#part2_chap6

-dave
_______________________________________________
osiris mailing list
osiris at lists.shmoo.com
https://lists.shmoo.com/mailman/listinfo/osiris


       
---------------------------------
Get the Yahoo! toolbar and be alerted to new email wherever you're surfing. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/osiris/attachments/20070530/595109a2/attachment.htm