For the ignore option (for silencing a rule for X seconds), does it silence the rule for X seconds no matter the source IP, or does it look at the source IP?
My observation is that it silences the rule for X seconds no matter the source IP. Ideally I would silence the IP for X seconds so that after I've taken action (say, ban for 30 minutes), OSSEC won't have to alert about it for 30 minutes too. Thank you.
