Guardian ignore list false positive

Post by Deepcuts » February 3rd, 2018, 3:47 pm


Searched the forums but could not find an answer. My apologies if this has been discussed in the past.

Seen this behavior several times now and decided it is time to get to the bottom of it.
In /var/log/messages I can see

    Ignoring event for IP because it is part of the ignore list

The problem is: that IP or subnet is NOT part of my ignore list.
My ignore list is very small. 5 IPs. No subnets.

Am I reading the log wrong and the ignore does not refer to the IP but to the actual event/rule?
