Monitor changes in individual folders with FIM module

Hello Auditbeat Team,

I want to monitor individual user ssh folders for changes with the FIM module.

/home/mary.jane/.ssh
/home/frank.sinatra/.ssh
/home/john.doe/.ssh

Ive tried to use wildcards/regex within FIM but doesnt seem to work.

• module: file_integrity
  paths:
  • /root/.ssh
  • '/home/%/.ssh'
• '/home/*/.ssh'
• /home/%/.ssh

Suggestions would be appreciated.

The documentation of 6.6.2 says Globs are not supported.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.