[osiris] Configs and Filters
Reiner Kief
office at kief-online.de
Thu Jan 24 03:20:38 EST 2008
Hello Folks.
I did it, I reduced the amount of mails from 700 to 300, great. ;-)
Like I announced yesterday, I built a filter to filter out changes to
"/var/log", but it didn't work. I didn't want to exclude /var/log/
completely. The external auditor (PCI DSS) wants us to be
alerted on missing logfiles. Well, I am not familiar with regex. So,
what I built is this:
# Filter for Windows logfiles
[cmp][e:\programme\syslogd\logs\.*]
[cmp][e:\programme\syslogd\.*]
[cmp][c:\winnt\system32\.*]
[cmp][c:\windows\osiris\hosts\.*]
The filters above seemed to work, but not the following:
# Filter for MacOSX files
[cmp][/var/log/.*.log*]
[cmp][/var/log/wtmp.*]
[cmp][/bin/.*]
[cmp][/sbin/.*]
[cmp][/usr/bin/.*]
[cmp][/usr/sbin/.*]
Why? Does it have to be
[cmp][\/var\/log\/.*.log*]
Do I need a dot before the asterisk?
Thanks again.
Reiner Kief
Software developer and IT-Consultant
Weinbergstrasse 45
63853 Moemlingen
Germany
office at kief-online.de
phone +49 6022 681631
mobile +49 160 7326056
VAT-ID: DE250520381
Member of www.die4DWerkstatt.de
http://www.linkedin.com/in/reinerkief
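Added illustration (editor's example, not part of the original post and not Osiris code): a small Python script that applies the `/var/log` patterns from the post to constructed sample paths, so the effect of the unescaped `.` in `.*.log*` and of the trailing `g*` can be seen. It makes two assumptions that the post does not settle: that the filter is evaluated as an ordinary regex, and that Osiris either anchors it to the whole path or matches anywhere in it, so both modes are exposed. The helper `matching_paths` and the sample path list are constructed for this example.

```python
import re

# Constructed sample paths (not from the post), in the style of entries an
# Osiris scan of a Mac OS X /var/log tree might report.
SAMPLE_PATHS = [
    "/var/log/system.log",
    "/var/log/system.log.0.bz2",
    "/var/log/wtmp",
    "/var/log/cups/access_log",
    "/var/log/secure.log",
    "/var/log/daily.out",
    "/var/log/Xlog",
    "/var/log/lastlog",
    "/var/spool/cups/c00001",
]

# Patterns taken from the post (and the two variants it asks about).
UNESCAPED_DOT = r"/var/log/.*.log*"      # as written in the post
ESCAPED_DOT = r"/var/log/.*\.log*"       # literal dot before "log"
ESCAPED_SLASHES = r"\/var\/log\/.*.log*"  # the variant the post asks about
WTMP = r"/var/log/wtmp.*"


def matching_paths(pattern, paths, anchored=True):
    """Return the paths that the regex selects, in input order.

    anchored=True requires the whole path to match (re.fullmatch);
    anchored=False accepts a match anywhere in the path (re.search).
    Which of the two a filter engine applies is an assumption here.
    """
    rx = re.compile(pattern)
    if anchored:
        return [p for p in paths if rx.fullmatch(p)]
    return [p for p in paths if rx.search(p)]


def explain(pattern, paths):
    """Summarise what a pattern would silence in both matching modes.

    Used to review a filter before deploying it: everything listed here is
    a change you would no longer be alerted on.
    """
    return {
        "anchored": matching_paths(pattern, paths, anchored=True),
        "anywhere": matching_paths(pattern, paths, anchored=False),
    }


if __name__ == "__main__":
    for name, pat in [("unescaped dot", UNESCAPED_DOT),
                      ("escaped dot", ESCAPED_DOT),
                      ("escaped slashes", ESCAPED_SLASHES),
                      ("wtmp", WTMP)]:
        print(f"{name}: {pat}")
        for mode, hits in explain(pat, SAMPLE_PATHS).items():
            print(f"  {mode:9s} -> {hits}")
```

Reading the output: with the unescaped dot, `.*.log*` also silences `cups/access_log`, `Xlog` and `lastlog`, because `.` matches any character and `g*` accepts "lo" followed by zero or more "g"; `\.log*` keeps only names with a literal `.log`. In Python, `\/` is the same as `/`, so the escaped-slash variant selects exactly the same paths; whether Osiris's matcher treats it the same way is not stated in the post.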