All,
I am getting an alert "Saved Search [ForwarderLevel - File Too Small to checkCRC occurring multiple times]: number of events (18) "
The file is a file on my Solaris boxes.
'/etc/dfs/sharetab'
I don't care about this file, so I thought I could just black list it in my inputs.conf like this. But doens't seem to be working. Any idea what I am missing?
[monitor:///etc]
index = configs
whitelist=(\.conf|\.cfg|config$|\.ini|\.init|\.cf|\.cnf|shrc$|^ifcfg|\.profile|\.rc|\.rules|\.tab|tab$|\.login|policy$)
blacklist = sharetab
disabled = False
↧