HPE Community
Operating System - HP-UX
1833738 Members
2641 Online
110063 Solutions
New Discussion

An HIDS question

 
SOLVED
Go to solution
Andrew Pollard
Super Advisor

‎03-02-2005 03:06 AM

‎03-02-2005 03:06 AM

An HIDS question

Hi,

I am currently testing and configuring HIDS and I am wondering if "*" works?

I would like to monitor specific subdirs in a file system, for example my directory tree is:
/andrew/u1/code/test1
/andrew/u1/code/test2
/andrew/u2/code/test1
/andrew/u2/code/test2

I only want to monitor changes made in "test1" subdir, but when I use: /andrew/*/code/test1
in Schedule Manager, I don't get any alerts.

Any help would be great.
Thanks
Andrew
0 Kudos
Reply
2 REPLIES 2
Pierre Pasturel
Respected Contributor

‎03-02-2005 06:38 AM

‎03-02-2005 06:38 AM

Solution

Re: An HIDS question

Andrew -

Please refer to p.126 (Unix Regular Expressions) in the v3.0 Admin Guide for good examples that will answer your question. This page also encourages you to refer to the regexp(5) man page. The last example on page 126 describes what you need to do. Try something like this:

^/andrew/u[1,2]/code/test1/
or something a bit more general such as
^/andrew/[^/]*/code/test1/

Be sure to anchor your RE at the beginning (^) and to specify the last slash at the end (also see examples for why this makes a difference).

When you specify "/andrew/*/code/test1" you are tryig to match 0 or more forward slahes and nothing else, so the "u1" or "u2" are not matched. Also, the subdirectory test11, test1hello, test123, etc... and its contents will also be matched unintentionally if you do not specify the trailing slash (/).

Pierre
Reply
Andrew Pollard
Super Advisor

‎03-02-2005 07:11 AM

‎03-02-2005 07:11 AM

Re: An HIDS question

Hi Pierre,

That worked perfectly.

Thanks very much.

Andrew
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.