On Fri, Feb 16, 2007 at 01:30:13PM -0500, Mark Haney wrote:
> 
> Kayvan A. Sylvan wrote:
> >Okay, following up on ignoring certain alerts:
> >Part of my local_rules.xml is:
> >  <rule id="100070" level="0">
> >    <if_sid>1002</if_sid>
> >    <match>smbd\.*   Denied connection from  (0.0.0.0)</match>
> >    <description>Ignoring smbd denied connection from</description>
> >  </rule>
> 
> First guess, the <match> should be <regex> instead.  <match> will
> exactly match what it has in the rule and by this the log doesn't match.

Okay. Thanks.

Is there documentation on what tags can be put in the XML file?

                        ---Kayvan
-- 
Kayvan A. Sylvan          | Proud husband of       | Father to my kids:
Sylvan Associates, Inc.   | Laura Isabella Sylvan, | Katherine Yelena (8/8/89)
http://sylvan.com/~kayvan | my beautiful Queen.    | Robin Gregory (2/28/92)
