[Integrit-users] Good rule for the logs directory

[<tw...@it...>]

I am currently ignoring the log directory /var/log with integrit because I
could not get it to give me reasonable output. That is to say every option
I tried returned data every day.

For now I have disabled any integrit checking of /var/log altogether.

Basically I was wondering if anyone had a rule for /var/log that checked
for a few things but did not have so many false positives.

Cheers,

Terrence