On Wed, Aug 4, 2010 at 6:18 PM, Jefferson, Shawn <shawn.jeffer...@bcferries.com> wrote: > Trying to figure this out, it looks like the Simplified Regex only allows > ^,$,| and from looking at the code, you can put “type=sregex” after the > ignore statement, but nothing to allow a more complex regex. Can anyone > verify that this is the case? > >
Correct. > > I guess I am stuck putting something like this in my ossec.conf: > > <ignore type=”sregex”>.log.1$|.log.2$|.log.3$ […] | .log.31$</ignore> > > I can't think of another way to do it offhand.
