I am trying to create a child rule to 1002 (which I have silenced) to alert
in certain cases. I can get the rule to work if I remove the regex portion;
however, I don't want that as a permanent solution. My rule is below, and a
sample log entry is below as well. Am I doing something wrong when it comes
to matching based on regex?

<rule id="99999" level="10">
  <match>+0000 ERROR TcpOutputFd - Connection to host=\S+ failed</match>
  <description>Unsilence 1002 for failed TcpOutputFd connections</description>
</rule>

03-06-2018 21:53:42.475 +0000 ERROR TcpOutputFd - Connection to
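
An added example, not part of the original post: in OSSEC rules, `<match>` uses the simple matcher (sregex), where only `^`, `$` and `|` are special and `\S+` is compared as literal text, while `<regex>` uses OS_Regex, which does support `\S+`. The `<if_sid>` line, the enclosing group name and the host value in the sample log line are assumptions, since the post does not show them.

```xml
<!-- Added example: literal text stays in <match>, the pattern moves to <regex>.
     Both conditions must hold for the rule to fire. -->
<group name="local,syslog,">
  <rule id="99999" level="10">
    <!-- Assumed: makes this a child of rule 1002, as the post describes -->
    <if_sid>1002</if_sid>
    <!-- sregex: plain substring, no backslash classes -->
    <match>ERROR TcpOutputFd - Connection to host=</match>
    <!-- OS_Regex: \S+ matches the non-whitespace host value -->
    <regex>host=\S+ failed</regex>
    <description>Unsilence 1002 for failed TcpOutputFd connections</description>
  </rule>
</group>

<!-- Constructed test line (host value is a placeholder):
     03-06-2018 21:53:42.475 +0000 ERROR TcpOutputFd - Connection to host=192.0.2.10:9997 failed -->
```

Pasting the constructed line into `ossec-logtest` shows which rule id the decoder and rule chain settle on before the change is deployed.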