Searched the forums but could not find an answer. My apologies if this has been discussed in the past.
Seen this behavior several times now and decided it is time to get to the bottom of it.
In /var/log/messages I can see:
    Ignoring event for IP because it is part of the ignore list
The problem is: that IP or subnet is NOT part of my ignore list.
My ignore list is very small. 5 IPs. No subnets.
Am I reading the log wrong and the ignore does not refer to the IP but to the actual event/rule?