Hey all, sorry if this was covered elsewhere, but I was wondering if it's possible to set up chained rules (in this case, a rule to ignore) based on log names.
Essentially, I would want to ignore a Rule 1002 (level="0") *IF* the log source is /var/log/apache.log:

2011 Jul 20 15:54:45 (server1) 10.1.4.125->/var/log/apache.log
Rule: 1002 (level 2) -> 'Unknown problem somewhere in the system.'
Src IP: (none)
User: (none)
Error

Is this possible?
