Howto configure OSSEC for APF
A quick howto configure your OSSEC installation for APF Iptables firewall frontend
Step 1: Open OSSEC config for editing
nano -w /var/ossec/etc/ossec.conf
Step 1.1: Locate “Files/directories to ignore”, And add new lines
<ignore>/etc/prelink.cache</ignore>
<ignore>/etc/apf/internals/.last.full</ignore>
<ignore>/etc/apf/internals/.apf.restore</ignore>Step 2: Restart OSSEC when your done editing
/var/ossec/bin/ossec-control restart