<!-- OSSEC example config --><ossec_config> <client> <server-ip>192.

1. <!-- OSSEC example config -->
2.  
3. <ossec_config>
4. <client>
5. <server-ip>192.168.190.20</server-ip>
6. </client>
7.  
8. <syscheck>
9. <!-- Frequency that syscheck is executed -- default every 2 hours -->
10. <frequency>60</frequency>
11.  
12. <!-- Directories to check (perform all possible verifications) -->
13. <directories report_changes="yes" check_all="yes" realtime="yes">/etc,/usr/bin,/usr/sbin</directories>
14. <directories report_changes="yes" check_all="yes" realtime="yes">/bin,/sbin</directories>
15. <directories report_changes="yes" check_all="yes" realtime="yes">/var/www</directories>
16.  
17. <!-- Files/directories to ignore -->
18. <ignore>/etc/mtab</ignore>
19. <ignore>/etc/hosts.deny</ignore>
20. <ignore>/etc/mail/statistics</ignore>
21. <ignore>/etc/random-seed</ignore>
22. <ignore>/etc/adjtime</ignore>
23. <ignore>/etc/httpd/logs</ignore>
24. </syscheck>
25.  
26. <rootcheck>
27. <rootkit_files>/var/ossec/etc/shared/rootkit_files.txt</rootkit_files>
28. <rootkit_trojans>/var/ossec/etc/shared/rootkit_trojans.txt</rootkit_trojans>
29. </rootcheck>
30.  
31. <localfile>
32. <log_format>syslog</log_format>
33. <location>/var/log/messages</location>
34. </localfile>
35.  
36. <localfile>
37. <log_format>syslog</log_format>
38. <location>/var/log/authlog</location>
39. </localfile>
40.  
41. <localfile>
42. <log_format>syslog</log_format>
43. <location>/var/log/secure</location>
44. </localfile>
45.  
46. <localfile>
47. <log_format>syslog</log_format>
48. <location>/var/log/xferlog</location>
49. </localfile>
50.  
51. <localfile>
52. <log_format>syslog</log_format>
53. <location>/var/log/maillog</location>
54. </localfile>
55.  
56. <localfile>
57. <log_format>apache</log_format>
58. <location>/var/www/logs/access_log</location>
59. </localfile>
60.  
61. <localfile>
62. <log_format>apache</log_format>
63. <location>/var/www/logs/error_log</location>
64. </localfile>
65. </ossec_config>