Indeed it does!! Thanks for the help, really appreciate it!
On Tuesday, March 6, 2018 at 3:55:11 PM UTC-8, dan (ddpbsd) wrote:
>
> On Tue, Mar 6, 2018 at 6:52 PM, Rob Williams > wrote:
> > I am trying to create a child rule to 1002 (which I have silenced) to
> alert
> > in certain cases. I can
On Tue, Mar 6, 2018 at 6:52 PM, Rob Williams wrote:
> I am trying to create a child rule to 1002 (which I have silenced) to alert
> in certain cases. I can get the rule to work if I remove the regex portion;
> however, I don't want that as a permanent solution. My rule is below, and a
> sample log
I am trying to create a child rule to 1002 (which I have silenced) to alert
in certain cases. I can get the rule to work if I remove the regex portion;
however, I don't want that as a permanent solution. My rule is below, and a
sample log entry is below as well. Am I doing something wrong when i
