wazuh / wazuh-puppet

Wazuh - Puppet module
https://wazuh.com
GNU General Public License v2.0

Add 'ignore' feature to ossec_local_files parameter #1093

Open Eldorico opened 2 months ago

Eldorico commented 2 months ago

Could be used with:

- location:   /var/log/audit/audit.log
  ignore:
    type: PCRE2
    value: 'comm="(ipset|runc|grep|conmon|iptables|ip6tables|awk)"'
  log_format: audit
- location:   /var/log/syslog
  log_format: syslog
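
An offline check of which audit records the `ignore` pattern in the entry above would drop, added here as an example; it is not part of the issue or of the module's code. It assumes the pattern is applied as an unanchored search on each log line, uses Python's `re` in place of PCRE2, and runs on constructed audit records; `split_by_ignore` and `comm_of` are hypothetical helper names.

```python
import re

# The two localfile entries from the comment above, written as Python data.
LOCAL_FILES = [
    {
        "location": "/var/log/audit/audit.log",
        "log_format": "audit",
        "ignore": {
            "type": "PCRE2",
            "value": 'comm="(ipset|runc|grep|conmon|iptables|ip6tables|awk)"',
        },
    },
    {"location": "/var/log/syslog", "log_format": "syslog"},
]

# Constructed audit records for illustration (not real log data).
SAMPLE_AUDIT = [
    'type=SYSCALL msg=audit(1700000000.101:501): syscall=59 pid=4101 comm="iptables" exe="/usr/sbin/iptables"',
    'type=SYSCALL msg=audit(1700000000.202:502): syscall=59 pid=4102 comm="awk" exe="/usr/bin/awk"',
    'type=SYSCALL msg=audit(1700000000.303:503): syscall=59 pid=4103 comm="gawk" exe="/usr/bin/gawk"',
    'type=SYSCALL msg=audit(1700000000.404:504): syscall=59 pid=4104 comm="bash" exe="/usr/bin/bash"',
    'type=SYSCALL msg=audit(1700000000.505:505): syscall=2 pid=4105 comm="sshd" exe="/usr/sbin/sshd"',
]


def split_by_ignore(entry, lines):
    """Return (forwarded, dropped) for one entry.

    Assumptions: the pattern is an unanchored search applied per line, and
    Python's re stands in for PCRE2 (this pattern uses syntax common to both).
    """
    ignore = entry.get("ignore")
    if ignore is None:
        return list(lines), []
    if ignore["type"] != "PCRE2":
        raise ValueError("this sketch only models type PCRE2")
    pattern = re.compile(ignore["value"])
    forwarded = [line for line in lines if not pattern.search(line)]
    dropped = [line for line in lines if pattern.search(line)]
    return forwarded, dropped


def comm_of(line):
    """Extract the comm="..." value from an audit record, or None."""
    match = re.search(r'comm="([^"]*)"', line)
    return match.group(1) if match else None


if __name__ == "__main__":
    for entry in LOCAL_FILES:
        kept, dropped = split_by_ignore(entry, SAMPLE_AUDIT)
        print(entry["location"], "forwards", [comm_of(l) for l in kept],
              "drops", [comm_of(l) for l in dropped])
```

The quotes on both sides of the alternation tie each alternative to the whole `comm` value, so a record with `comm="gawk"` is still forwarded while `comm="awk"` is dropped.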