Ignore multiple subdirectories with regex

[Daniel Valbuena Sosa]

Hi,

I would like to know if is possible to exclude multiple directories using regexp rather than create exclusions per directory. e.g.:

Current situation:I have to create a ignore rule per directory within www:

<ignore>/var/www/hosts01/tmp</ignore>

<ignore>/var/www/hosts02/tmp</ignore>

<ignore>/var/www/hosts03/tmp</ignore>

<ignore>/var/www/hosts04/tmp</ignore>

<ignore>/var/www/hosts05/tmp</ignore>

Due, my environment is dynamic, more hosts0* will exist,so, I'm wondering if something like:

<ignore type="sregex">/var/www/hosts0*/tmp</ignore>

is it possible to implement.

Thanks for your clarification.

Best,

DanielVS

[Borja Arroba]

Hi, Daniel,

It is in our roadmap to implement the use of regular expressions, not only wildcards, in the ignore tag and directories and in the restrict option.

A big change is coming in the File Integrity Monitoring module and it is quite likely that we will include this new feature at this point.
 
You can see the progress in the next issue:

https://github.com/wazuh/wazuh/issues/3073

Regards.

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To post to this group, send email to wa...@googlegroups.com.
Visit this group at https://groups.google.com/group/wazuh.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/c4e000f0-df2b-4f3b-8aa8-7e33eca83808%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.