Hi James: Welcome to SEC.

In message <62f59502ef9ba1243ed41fab97ed887b@localhost>,
James Lay writes:
>Hey all,
>
>So I have as my first rule in sec.conf the below:
>
>type = single
>ptype = regexp
>pattern = TCP_|grep|tail|sudo
>desc = Ignore entries
>action = none
>
>I now have a case where I'd like to create a rule that matches on
>TCP_DENIED, however the above negates that. Is there a way I can create
>rules with specific ignores per rule? I've read through a fair amount
>of documentation, but just haven't seen something that addresses this.
>Thanks for any help you can provide.

SEC rules are applied in order, so put your TCP_DENIED rule before
this rule and you should be fine.

--
				-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
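
The ordering described in the reply above, written out as a sec.conf fragment. This is an added example, not part of the original message; the desc and action of the TCP_DENIED rule are assumptions chosen for illustration.

```conf
# Rule 1: the specific match goes first. With the default
# continue=DontCont, a line that matches here is not passed on to
# later rules in this file, so the broad ignore rule never sees it.
type = single
ptype = regexp
pattern = TCP_DENIED
# $0 is the whole matched line; %s in the action expands to desc.
desc = TCP_DENIED seen: $0
# Assumed action for illustration: write the event to standard output.
action = write - %s

# Rule 2: the ignore rule from the original post, now second.
# It still discards every other TCP_*, grep, tail and sudo line.
type = single
ptype = regexp
pattern = TCP_|grep|tail|sudo
desc = Ignore entries
action = none
```

Any further rules that must see lines the ignore pattern would swallow also have to be placed above it in the file.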