[ossec-list] How to say "srcip not same as hostname" in a rule?

[Steve Young]

Hi,

I would like to say "suppress this rule if srcip is the same as
hostname". This does NOT work:

  <rule id="100000" level="5">
    <if_sid>1234</if_sid>
    <srcip>!hostname</srcip>
    <description>ignore if srcip is the same as hostname</description>
  </rule>

What's the correct way to do this?

Thanks!
Steve

PS. I'm using v2.6.0.