[ossec-list] Local Rules Syntax

[Jefferson, Shawn]

Hi,

I'm putting some local rules into the local_rules.xml file on the manager (from 
what I've read you can put them here to push out to your agents?)

Can you use a comma separated list in <hostname> like so ?

<group name="local,snort">
<rule id="100100" level="0" noalert="1">
<if_sid>20100</if_sid>
<hostname>snort01, snort02</hostname>
<description>Ignoring snort events</description>
</rule>
</group>

Or should you use a regex?

Thanks,
Shawn