Kayvan A. Sylvan wrote:
> My local_rules.xml contains these snippets:
>
> <rule id="100070" level="0">
>   <if_sid>1002</if_sid>
>   <program_name>smbd</program_name>
>   <regex>^\s*Denied connection from (0.0.0.0)</regex>
>   <description>Ignoring smbd denied connection from</description>
> </rule>
>
> <rule id="100080" level="0">
>   <if_sid>1002</if_sid>
>   <program_name>smbd</program_name>
>   <regex>^\s*Connection denied from (0.0.0.0)</regex>
>   <description>Ignoring smbd denied connection from</description>
> </rule>

Try changing this:

<regex>^\s*Connection denied from (0.0.0.0)</regex>

To this:

<regex>^\s*Connection denied from 0.0.0.0</regex>

Or this:

<match>Connection denied from 0.0.0.0</match>