I'm trying to monitor file changes within a specific location on a production server's d:\ drive (d:\filestomonitor), but want to exclude a sub-folder, 'Logs', within it (d:\filestomonitor\Logs). I'm using the following expression:
[filter:blacklist:Logs-blacklist]
regex1 = D:\filestomonitor\.*\Logs\
[fschange:D:\filestomonitor\*]
index=_audit
recurse = true
followLinks = false
signedaudit = false
fullEvent = true
sendEventMaxSize = 1048576
delayInMills = 1000
filters = configs,Logs-blacklist
Could somebody please help provide me with the correct syntax?
Appreciate your help!