Auditbeat Exclusion of Process

Hi All,

Could someone help me exclude any process executable related to this path:

/usr/local/manageengine/uems_agent/bin/*

I can see a lot of incoming logs related to:

/usr/local/manageengine/uems_agent/bin/dcpatchscan

/usr/local/manageengine/uems_agent/bin/dcconfig

/usr/local/manageengine/uems_agent/bin/dcservice

/usr/local/manageengine/uems_agent/bin/dcinventory

/usr/local/manageengine/uems_agent/bin/dcondemand

Appreciate your help!


Hello @testtest

Welcome to the Community!!

We can use drop_event in the YAML:

Example:

Thanks!!


If your post is about the auditd module, then you can filter events with exclude rules on the exe. These rules should be placed early in your rules list.

-A exclude,always -F exe=/usr/local/manageengine/uems_agent/bin/dcpatchscan
-A exclude,always -F exe=/usr/local/manageengine/uems_agent/bin/dcconfig
-A exclude,always -F exe=/usr/local/manageengine/uems_agent/bin/dcservice
-A exclude,always -F exe=/usr/local/manageengine/uems_agent/bin/dcinventory
-A exclude,always -F exe=/usr/local/manageengine/uems_agent/bin/dcondemand
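
The two suggestions in this thread, drop_event and auditd exclude rules, could look like this in auditbeat.yml. This is an added example, not taken from any of the posts above. It assumes the events carry the ECS field `process.executable` and that the rules are set under the auditd module's `audit_rules`; the execve rule is a constructed placeholder for whatever rules are already in use.

```yaml
# Option 1: drop matching events inside Auditbeat before they are published.
# The pattern names the five binaries from the question instead of the whole
# bin/ directory, so anything else executed from that path is still reported.
processors:
  - drop_event:
      when:
        regexp:
          process.executable: '^/usr/local/manageengine/uems_agent/bin/(dcpatchscan|dcconfig|dcservice|dcinventory|dcondemand)$'

# Option 2: exclude rules in the auditd module, placed before the other rules.
auditbeat.modules:
  - module: auditd
    audit_rules: |
      -A exclude,always -F exe=/usr/local/manageengine/uems_agent/bin/dcpatchscan
      -A exclude,always -F exe=/usr/local/manageengine/uems_agent/bin/dcconfig
      -A exclude,always -F exe=/usr/local/manageengine/uems_agent/bin/dcservice
      -A exclude,always -F exe=/usr/local/manageengine/uems_agent/bin/dcinventory
      -A exclude,always -F exe=/usr/local/manageengine/uems_agent/bin/dcondemand
      # Constructed placeholder: existing audit rules follow the exclusions.
      -a always,exit -F arch=b64 -S execve,execveat -k exec
```

With the processor, the kernel still generates the audit records and Auditbeat discards them afterwards; with exclude rules they are filtered in the kernel audit subsystem and never reach Auditbeat. Either way the excluded executables stop being audited, so write access to those files should stay restricted to root.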