--- /dev/null
+<!-- OSSEC example config -->
+
+<ossec_config>
+ <client>
+ <server-ip>192.168.10.100</server-ip>
+ </client>
+
+ <syscheck>
+ <!-- Frequency that syscheck is executed (default every 2 hours) -->
+ <frequency>7200</frequency>
+
+ <!-- Directories to check (perform all possible verifications) -->
+ <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
+ <directories check_all="yes">/bin,/sbin,/boot</directories>
+
+ <!-- Files/directories to ignore -->
+ <ignore>/etc/mtab</ignore>
+ <ignore>/etc/hosts.deny</ignore>
+ <ignore>/etc/mail/statistics</ignore>
+ <ignore>/etc/random-seed</ignore>
+ <ignore>/etc/random.seed</ignore>
+ <ignore>/etc/adjtime</ignore>
+ <ignore>/etc/httpd/logs</ignore>
+
+ <!-- Check the file, but never compute the diff -->
+ <nodiff>/etc/ssl/private.key</nodiff>
+ </syscheck>
+
+ <rootcheck>
+ <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
+ <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
+ </rootcheck>
+
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/messages</location>
+ </localfile>
+
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/authlog</location>
+ </localfile>
+
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/secure</location>
+ </localfile>
+
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/xferlog</location>
+ </localfile>
+
+ <localfile>
+ <log_format>syslog</log_format>
+ <location>/var/log/maillog</location>
+ </localfile>
+
+ <localfile>
+ <log_format>apache</log_format>
+ <location>/var/www/logs/access_log</location>
+ </localfile>
+
+ <localfile>
+ <log_format>apache</log_format>
+ <location>/var/www/logs/error_log</location>
+ </localfile>
+</ossec_config>
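Review bot: The `<nodiff>` entry in the syscheck block has no effect as written, because neither `<directories>` line sets `report_changes="yes"`, so no diffs are computed for any file. That matters once someone enables change reporting for `/etc`: file contents would then be copied into alerts and kept on the agent, and the only exclusion is `/etc/ssl/private.key`. That path probably does not match where keys actually live (commonly a `private/` directory), and it leaves out other secret-bearing files such as `/etc/shadow`. I would add a comment above the entry, `<!-- nodiff applies only when report_changes="yes" is set on a directories entry; list every secret-bearing file here before enabling it -->`. Separately, `<ignore>/etc/hosts.deny</ignore>` means edits to the deny list raise no integrity alert, so a one-line comment should say why it is excluded (presumably because active response rewrites it).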