Hey guys! I have a machine working a reverse proxy that redirect requests to another machine which is my webserver and am receiving a lot of alerts of my webserver that has the ip of my reverse proxy. I don't want to receive alerts of my webserver that has the ip of my reverse proxy.
I found a rule below to ignore any alert but how can I specify to ignore alerts only in access.log and error.log from reverse proxy ? <rule id="100123" level="0"> <if_level>8</if_level> <srcip>*Ip of my reverse proxy*</srcip> <description>Ignoring any alert above level 8 that has MYIP decoded.</description> <rule> many thanks!
