27 Jun
2016
27 Jun
'16
2:17 p.m.
Hey,
Just curious about how "ignore" and "trigger" work together in the clientlocal.cfg file. Let's say I have a log message like
2016-06-26 03:33:41 (myhost): [RED ALERT] File is missing?
and rules in clientlocal such that
log:/var/log/some.log:10240 ignore "File is missing" trigger "RED ALERT"
Which takes precedence? Is it just the order the rules are listed?
thanks
=G=