You can't really do that. If you know the IP -> hostname mappings ahead of time you can probably use cdb lists.
On Thu, Sep 29, 2011 at 6:57 PM, Steve Young <[email protected]> wrote: > Hi, > > I would like to say "suppress this rule if srcip is the same as > hostname". This does NOT work: > > <rule id="100000" level="5"> > <if_sid>1234</if_sid> > <srcip>!hostname</srcip> > <description>ignore if srcip is the same as hostname</description> > </rule> > > What's the correct way to do this? > > Thanks! > Steve > > PS. I'm using v2.6.0.
