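<!-- OSSEC example config (agent side).
     The numbered listing this was taken from carried only the leaf
     settings. The section wrappers (client, syscheck, rootcheck,
     localfile) are restored here following the standard ossec.conf
     layout; confirm against the installed file before deploying. -->

<ossec_config>
  <client>
    <!-- Manager that receives this agent's events. -->
    <server-ip>192.168.10.100</server-ip>
  </client>

  <syscheck>
    <!-- Frequency that syscheck is executed (default every 2 hours).
         The value is in seconds. A change that is made and reverted
         between two scans is not reported by a scheduled scan. -->
    <frequency>7200</frequency>

    <!-- Directories to check (perform all possible verifications).
         check_all="yes" turns on every integrity attribute syscheck
         supports (checksums, size, owner, group, permissions). -->
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes">/bin,/sbin,/boot</directories>

    <!-- Files/directories to ignore.
         An ignored path produces no integrity alert at all, so keep this
         list to files that change during normal operation. /etc/hosts.deny
         is typically listed because the host-deny active response
         rewrites it; the trade-off is that any other edit to that file
         goes unreported as well. -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/hosts.deny</ignore>
    <ignore>/etc/mail/statistics</ignore>
    <ignore>/etc/random-seed</ignore>
    <ignore>/etc/random.seed</ignore>
    <ignore>/etc/adjtime</ignore>
    <ignore>/etc/httpd/logs</ignore>

    <!-- Check the file, but never compute the diff.
         The file is still monitored for changes; only the content diff is
         suppressed, so private key material is never copied into alert
         text. This matters wherever report_changes is enabled for the
         containing directory. -->
    <nodiff>/etc/ssl/private.key</nodiff>
  </syscheck>

  <rootcheck>
    <!-- Signature lists used by rootcheck: known rootkit file paths and
         patterns for trojaned system binaries. Detection is limited to
         what these lists contain, so keep them current. -->
    <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
    <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
  </rootcheck>

  <!-- Log files to monitor, one localfile section per file. The paths
       appear to cover several Unix flavours (for example /var/log/authlog
       and /var/log/secure), so some entries will not exist on any one
       host; trim the list to the files actually present. -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/messages</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/authlog</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/secure</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/xferlog</location>
  </localfile>

  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/maillog</location>
  </localfile>

  <localfile>
    <log_format>apache</log_format>
    <location>/var/www/logs/access_log</location>
  </localfile>

  <localfile>
    <log_format>apache</log_format>
    <location>/var/www/logs/error_log</location>
  </localfile>
</ossec_config>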