Have you tried <location>?

On Wed, Jul 20, 2011 at 6:57 PM, jplee3 <[email protected]> wrote:
> Hey all,
>
> Sorry if this was covered elsewhere, but I was wondering if it's
> possible to set up chained rules (in this case, a rule to ignore) based
> on log names.
>
> Essentially, I would want to ignore a Rule 1002 (level="0") *IF* the
> log source is /var/log/apache.log:
>
> 2011 Jul 20 15:54:45 (server1) 10.1.4.125->/var/log/apache.log
> Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
> Src IP: (none)
> User: (none)
> Error
>
>
> Is this possible?
>
>
>
>
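
An added example, not written by either poster: a local child rule of the kind the reply hints at, chained to rule 1002 and set to level 0 when the event comes from the Apache log. It assumes the installed OSSEC version accepts `<location>` as a rule option, as the reply suggests; the rule id 100100 and the group name are placeholders.

```xml
<!-- Added example for the local rules file; not taken from the thread. -->
<group name="local,">

  <!-- Child of rule 1002: evaluated only after 1002 has already matched. -->
  <!-- id 100100 is a placeholder; use any unused id from the local range. -->
  <rule id="100100" level="0">
    <if_sid>1002</if_sid>
    <!-- Assumption: <location> is matched against the log source shown in
         the alert header, "(server1) 10.1.4.125->/var/log/apache.log". -->
    <location>/var/log/apache.log</location>
    <description>Ignore rule 1002 for events read from /var/log/apache.log</description>
  </rule>

</group>
```

Rule 1002 continues to fire for every other log source; only events that satisfy both conditions drop to level 0.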
