For the Windows client, MrBig, has anyone fooled around with the rules for parsing the log files? We have a "MIMEsweeper log" for which we just cannot figure out the syntax to suppress false alerts.
There is a DNS lookup error that we do not regard as fatal so have tried variations in the mrbig.cfg file of the following entries -
    ignore source MIMEsweeper log     # ignore the log file
    ignore source "MIMEsweeper log"
    ignore message DNS                # ignore any event with DNS in body
Bouncing the MrBig service after each change although per documentation this should not be necessary. Version 0.20.
The "ignore message" looks to be pretty broad in scope; does not appear to support filtering on a single log file so in the above (if it was working as we would expect...) a DNS message in another log file would also be trapped out.
We went with MrBig as it sounded like BBWin was withering away. No support forum for MrBig (yet?). Hoping it is something obvious I am missing that someone can deliver sufficient blunt trauma before I start wading through the source code.