1 <!-- OSSEC example config -->
<!-- server-ip: address of the OSSEC manager (server) that this agent sends its events to.
     192.168.10.100 is an example private address; replace it with the real manager.
     If the address is wrong or unreachable, no alerts from this host reach the manager,
     so confirm agent connectivity after any change.
     NOTE(review): the enclosing section elements are not part of this excerpt; in a
     complete ossec.conf this setting normally sits inside the client section. Confirm
     against the full file. -->
5 <server-ip>192.168.10.100</server-ip>
9 <!-- Frequency that syscheck is executed, in seconds (7200 s = 2 hours, the default).
     The interval is also the detection window: a file that is changed and restored
     between two scans is not reported by a scheduled scan. -->
10 <frequency>7200</frequency>
12 <!-- Directories to check (perform all possible verifications).
     Each element takes a comma-separated list of paths. check_all="yes" turns on every
     available integrity attribute (in OSSEC: checksums, size, owner, group and
     permissions). Only the paths listed here are monitored; locations such as
     /usr/local, /opt, /lib or /boot are not covered by this example. -->
13 <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
14 <directories check_all="yes">/bin,/sbin</directories>
16 <!-- Files/directories to ignore.
     These paths lie under a monitored directory but are excluded from integrity
     checking, presumably because they change during normal operation.
     Every exclusion is a blind spot, so keep the list short and review it. -->
17 <ignore>/etc/mtab</ignore>
<!-- NOTE(review): /etc/hosts.deny is a TCP-wrappers access-control file. With this
     exclusion, edits to it raise no syscheck alert. It is presumably ignored because
     OSSEC active response writes to it; confirm that reason applies on this host. -->
18 <ignore>/etc/hosts.deny</ignore>
19 <ignore>/etc/mail/statistics</ignore>
20 <ignore>/etc/random-seed</ignore>
21 <ignore>/etc/adjtime</ignore>
<!-- A directory entry excludes everything beneath it. -->
22 <ignore>/etc/httpd/logs</ignore>
<!-- Rootcheck signature databases: rootkit_files names the list of files associated
     with known rootkits, rootkit_trojans the list of signatures for trojaned system
     binaries. Matching is signature based, so only entries present in these lists are
     detected. The two files live under /var/ossec, which is not among the syscheck
     directories in this config; if they are emptied or altered, rootcheck coverage
     drops without an integrity alert. Restrict write access to them.
     NOTE(review): the enclosing rootcheck section element is not part of this excerpt. -->
26 <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
27 <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
<!-- Monitored log files. Each log_format/location pair describes one file to read:
     log_format selects the decoder family (syslog or apache here) and location is the
     path of the file.
     NOTE(review): the localfile elements that normally wrap each pair are not part of
     this excerpt.
     The list presumably spans several operating-system layouts (for example both
     /var/log/authlog and /var/log/secure). An entry whose file does not exist on the
     host yields no alerts, so verify that the paths match where syslog and the web
     server really write, especially for authentication events. -->
<!-- General system messages. -->
31 <log_format>syslog</log_format>
32 <location>/var/log/messages</location>
<!-- Authentication log; the name varies by platform (see /var/log/secure below). -->
36 <log_format>syslog</log_format>
37 <location>/var/log/authlog</location>
41 <log_format>syslog</log_format>
42 <location>/var/log/secure</location>
<!-- File-transfer (FTP) log. -->
46 <log_format>syslog</log_format>
47 <location>/var/log/xferlog</location>
<!-- Mail log. -->
51 <log_format>syslog</log_format>
52 <location>/var/log/maillog</location>
<!-- Web server access and error logs, read with the apache format. -->
56 <log_format>apache</log_format>
57 <location>/var/www/logs/access_log</location>
61 <log_format>apache</log_format>
62 <location>/var/www/logs/error_log</location>