18 Sep
2014
18 Sep
'14
2:25 p.m.
Hi Sascha, On Thu, Sep 18, 2014 at 06:53:04AM +0000, Lucas, Sascha wrote:
* classification: pattern is per program and limited to the message
patterndb's "primary keys" are indeed (currently) limited to PROGRAM (rulesets) and MESSAGE (patterns), although you can easily bypass that limitation.
* correlation: context is limited to one host not many
You *can* correlate messages from different hosts by using 'context-scope = global' in the rule