While looking at the "Failed Authentication" report I have a log entry that occurs so frequently that it blocks out 'real' authentication failures. The log entry always includes the keywords "host/" (no quotes).
The ACS filter allows you to -include- only the log entries that match the RegEx expression, but -excluding- them doesn't seem as easy.
Any RegEx experts care to take a stab at an exclusion filter?
And yes, I know the better option is to stop the log entry from occuring in the first place, and/or export the reports as CSV and then filter the results in a more suitable application. Better yet, use aaa-reports from Extrati. I wanted to rule out the RegEx option first.
I've googled for "RegEx exclude" and most of the results require an intermediate-to-expert level knowledge of RegEx, and my experience begins and ends with '*' wildcards.
Thanks in advance.