Hello,
I have a simple rule tree:
<rule id="100101" level="2">
  <if_sid>1</if_sid>
  <match>[rsyslog-pri 0]|[rsyslog-pri 1]|[rsyslog-pri 2]|[rsyslog-pri 3]</match>
  <group>high_lvl_syslog,</group>
  <description>Unspecified err, crit, alert or emerg syslog event.</description>
</rule>
Ahh, I see now. Must have missed that in documentation, or just forgot.
Thank you!
On Friday, April 27, 2012 5:49:08 PM UTC+3, Daniel Cid wrote:
Hey,
It doesn't get checked, because it will try the rule 100112 first
(which would have a high severity) and matches
the event.