ossec-hids
Ignore file type on integrity check for a specific subfolder
Hi,
Using OSSEC 3.3.0 on a LOCAL installation, I'm trying (but failing) to keep the integrity check for all the folders set up but IGNORING specific file types (let's say .log & .log.gz) in one subfolder only: /var/www/HERE (aka, I want to continue watching .log files in other directories).
I tried numerous things, but none of them seems to work correctly:
Using "restrict" in reverse mode (doesn't seem valid):
<directories report_changes="yes" restrict="!.log|!.log.gz" check_all="yes">/var/www/</directories>
Using these ignore entries:
<ignore type="sregex">/var/www/*.log$</ignore>
<ignore type="sregex">/var/www/*.log</ignore>
<ignore type="sregex">/var/www/*.log.gz$</ignore>
It's somehow like we could only ignore a file type (*.log$) but for ALL the folders, which is not what I would like to achieve.
Is there any other possibility to do that?
Could it be a duplicate of https://github.com/ossec/ossec-hids/issues/1771? (If so, sorry for the noise)
Yes, this is sort of a dup of #1771, or at least related, since that is for Windows. We'll keep these separate since fixing one doesn't always mean it fixes the other.