12 Sep
2014
12 Sep
'14
8:28 a.m.
On 12 September 2014 18:23, Jeremy Laidman <jlaidman at rebel-it.com.au> wrote:
And it's lower-case.
Sorry, I meant that "ignore" is usually in lower-case. I'm not sure it matters, but the man page examples use "ignore matchstring" in lower-case. The upper-case version, like "IGNORE=matchstring" is the format used in analysis.cfg, and defines to what to ignore when alerting rather that what to ignore when sending log messages. If you're trying to create a rule for analysis.cfg, then your "log" line is in the wrong format, and should be
LOG /appdata/logserver/local7.log IGNORE=%(?-i)apcontroller|cli.WARNING|cli.NOTICE
J