Templates and Alerts
Template Property Types
Type II: Pathnames/Programs Pairs
These properties allow users to specify combinations of file pathnames and program pathnames, such that alerts normally generated for files (i.e., regular files, directories, etc.) specified in the "Pathnames to be monitored" property are suppressed when the file(s) are modified by selected program(s).
Note that pathnames and programs are specified as regular expressions just as pathnames_to_[not]_watch are specified. See the default property settings for the kernel templates for examples of pathnames/programs pair specifications.
Pathnames/programs properties come in pairs. There can be n > 0 such pairs in a configuration file. For each member of a pair, its property values consist of a set of m > 0 lists. For the pathname member of a pair, each property value consists of a list of p > 0 regular expressions separated by ampersand (&) characters, whereas for its matching program member, each property value is a list of q > 0 regular expressions. In general, p ≠ q. An example of a valid property pair would be as follows:
pathnames_1 | f1 & f2 | f3 & f4 & f5 | f6
programs_1 | p1 & p2 & p3 | p3 & p4 | p5
With these two lines, an alert is not generated for file f1 if the event was triggered by any of the p1, p2 or p3 programs; likewise, f2 is not monitored if the event was triggered by any of p1, p2 or p3. Analogously, an alert is suppressed for f3, f4, and f5 if the alert is triggered by program p3 or p4.
NOTE: The pair pathnames_0/programs_0 is a special case where alerts for files specified in pathnames_0 will not be generated when the corresponding programs in programs_0 or any of the program’s child processes or grandchild processes triggers the alert. For example, for the Modification of Files/Directories template, if pathnames_0 contains ^/opt/ to specify the /opt directory and programs_0 contains /usr/sbin/swinstall, then alerts normally generated for modifications to files under /opt are suppressed when the files are modified by either swinstall or any of its child processes (e.g., control scripts) or grandchild processes (e.g., commands invoked in a control script).
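The pairing rules above, including the pathnames_0/programs_0 special case, as an added example (not the product's own code): a small Python evaluator that reports whether a given file/program combination falls under a suppression rule, which is useful when reviewing a configuration for monitoring blind spots. Assumptions: the "name | list | list" layout shown above, Python's re.search standing in for the product's regular-expression matching, no literal | or & inside a regular expression, and constructed paths for pair 1.

```python
import re

# Constructed sample. Pair 0 uses the page's /opt and swinstall values;
# pair 1 paths are made up. Layout "name | list | list" follows the page.
SAMPLE = [
    "pathnames_0 | ^/opt/",
    "programs_0 | /usr/sbin/swinstall",
    "pathnames_1 | ^/etc/passwd$ & ^/etc/group$ | ^/var/adm/",
    "programs_1 | ^/usr/bin/passwd$ & ^/usr/sbin/useradd$ | ^/usr/sbin/syslogd$",
]

def parse_pairs(lines):
    """Return {N: {"pathnames": [[regex, ...], ...], "programs": [...]}}."""
    pairs = {}
    for line in lines:
        name, _, value = line.partition("|")
        kind, _, idx = name.strip().rpartition("_")
        if kind not in ("pathnames", "programs") or not idx.isdigit():
            raise ValueError(f"unexpected property: {name.strip()!r}")
        # '|' separates lists, '&' separates the regexes inside one list.
        lists = [[rx.strip() for rx in lst.split("&")]
                 for lst in value.split("|") if lst.strip()]
        pairs.setdefault(int(idx), {})[kind] = lists
    for idx, pair in pairs.items():
        if len(pair.get("pathnames", [])) != len(pair.get("programs", [])):
            raise ValueError(f"pair {idx}: list counts differ or member missing")
    return pairs

def suppressed(pairs, path, program, ancestors=()):
    """True if an alert for `path` changed by `program` would be suppressed.

    ancestors: (parent, grandparent) program paths. Only pair 0 looks at
    them, since the page describes child/grandchild coverage for pair 0 only.
    """
    for idx, pair in pairs.items():
        actors = (program, *ancestors[:2]) if idx == 0 else (program,)
        # The i-th pathname list is matched against the i-th program list.
        for files, progs in zip(pair["pathnames"], pair["programs"]):
            if (any(re.search(f, path) for f in files)
                    and any(re.search(p, a) for p in progs for a in actors)):
                return True
    return False

PAIRS = parse_pairs(SAMPLE)
```

Note that /etc/passwd modified by syslogd is still alerted on: syslogd sits in the second program list, which pairs only with the second pathname list.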
• A set of two lines like:
1.
pathnames_1 | f1 & f2
programs_1 | p1 & p2 & p3
Is equivalent to the set of four lines:
2.
pathnames_1 | f1
programs_1 | p1 & p2 & p3
pathnames_2 | f2
programs_2 | p1 & p2 & p3
Or to the six-line set:
3.