General questions.
Post by Deepcuts » February 3rd, 2018, 3:47 pm


Searched the forums but could not find an answer. My apologize if this has been discussed in the past.

Seen this behavior several times now and decided it is time to get to the bottom of it.
In /var/log/messages I can see

Ignoring event for IP because it is part of the ignore list
The problem is: that IP or subnet is NOT part of my ignore list.
My ignore list is very small. 5 IPs. No subnets.

Am I reading the log wrong and the ignore does not refer to the IP but to the actual event/rule?

