This question is along the same lines as my other query about regex matching.
I am getting these notifications:
Received From: satyr->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Nov 2 09:59:48 satyr seahorse-agent[6175]: Failed to send buffer
But I have the following in local_rules.xml:
<rule id="100040" level="0">
  <if_sid>1002</if_sid>
  <match>seahorse-agent</match>
  <description>Ignore sea-horse failure to send buffer</description>
</rule>
So, what am I doing wrong?
---Kayvan