Thanks Victor for the detailed reply! You were totally correct. Using the <match> option with the <if_sid> option was the way to go. I was able to set up some rules for the hosts I wanted to ignore (and test them). Thanks so much!
-- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
