I am suggesting that rule 13101 be changed as I have done overwriting it
in my local_rules.xml. There is more than one smbd message that uses
"Transport endpoint is not connected".
Here is my overwite:
<group name="syslog,smbd,">
<!-- This is the distrbuted smbd rule
<rule id="13101" level="0">
<if_sid>13100</if_sid>
<match>getpeername failed. Error was Transport endpoint</match>
<description>Samba network problems.</description>
</rule>
-->
<!-- This is the changed rule
getpeername is not the only message
using "Transport endpoint is not connected" -->
<rule id="13101" level="0" overwrite="yes">
<if_sid>13100</if_sid>
<match>Transport endpoint is not connected</match>
<description>Samba network problems.</description>
</rule>
</group> <!-- syslog,smbd -->
Regards,
Dennis
--
Dennis Golden
Golden Consulting Services, Inc.
