https://community.hpe.com/t5/operating-system-hp-ux/questions-on-using-ids/m-p/2698907#M757141 Hello,<BR /><BR /> I have IDS/9000 v2 on HPUX11.0 server. <BR /> I recieve many alerts "Filesystem change detected" for activities made on files :<BR />"/etc/syslog.conf.[0-9]+" (for example /etc/syslog.conf.6757). I tried regular expression with *, &lt;*&gt; to exclude it but it doesn't work.<BR /><BR /> Is any way to exclude these files ?<BR /><BR />Thanks,<BR />Alex<BR /> Mon, 08 Apr 2002 06:33:32 GMT shacharg 2002-04-08T06:33:32Z https://community.hpe.com/t5/operating-system-hp-ux/questions-on-using-ids/m-p/2698907#M757141 Hello,<BR /><BR /> I have IDS/9000 v2 on HPUX11.0 server. <BR /> I recieve many alerts "Filesystem change detected" for activities made on files :<BR />"/etc/syslog.conf.[0-9]+" (for example /etc/syslog.conf.6757). I tried regular expression with *, &lt;*&gt; to exclude it but it doesn't work.<BR /><BR /> Is any way to exclude these files ?<BR /><BR />Thanks,<BR />Alex<BR /> Mon, 08 Apr 2002 06:33:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/questions-on-using-ids/m-p/2698907#M757141 shacharg 2002-04-08T06:33:32Z https://community.hpe.com/t5/operating-system-hp-ux/questions-on-using-ids/m-p/2698908#M757142 Hi,<BR /><BR />Did you check the Administrator guide:<BR /><BR /><A href="http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/J5083-90007/J5083-90007_top.html&amp;con=/hpux/onlinedocs/J5083-90007/00/00/37-con.html&amp;toc=/hpux/onlinedocs/J5083-90007/00/00/37-toc.html&amp;searchterms=IDS&amp;queryid=20020408-012039" target="_blank">http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/J5083-90007/J5083-90007_top.html&amp;con=/hpux/onlinedocs/J5083-90007/00/00/37-con.html&amp;toc=/hpux/onlinedocs/J5083-90007/00/00/37-toc.html&amp;searchterms=IDS&amp;queryid=20020408-012039</A><BR /><BR />C. Mon, 08 Apr 2002 07:15:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/questions-on-using-ids/m-p/2698908#M757142 Clemens van Everdingen 2002-04-08T07:15:13Z https://community.hpe.com/t5/operating-system-hp-ux/questions-on-using-ids/m-p/2698909#M757143 Mon, 08 Apr 2002 07:39:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/questions-on-using-ids/m-p/2698909#M757143 Steve Steel 2002-04-08T07:39:39Z https://community.hpe.com/t5/operating-system-hp-ux/questions-on-using-ids/m-p/2698910#M757144 Use "/etc/syslog.conf." in the "Ignore these directories" in the Modifcation of files/directories template.<BR />This string will match /etc/syslog.conf.1212 but also /etc/syslog.conf.otherstuff.<BR /><BR />If you refer to the regular expression section in the appendix of the admin guide, /etc/syslog.conf.&lt;#&gt;$ is what you really want, but unfortunately this does not work.<BR /><BR />BTW, you can only specify regular expressions for the "directory property;" the "file" properties are only used for exact string matches. <BR /><BR />Pierre<BR /><BR /><BR /><BR /><BR /> Mon, 22 Apr 2002 23:24:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/questions-on-using-ids/m-p/2698910#M757144 Pierre Pasturel 2002-04-22T23:24:31Z