[Sguil-users] auto categorization not working

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

I have decided that some events should be auto categorized, for example
"tag: Tagged Packet".

I have these events configured in the autocat.conf file such as:

--------------
none||ANY||ANY||ANY||ANY||ANY||ANY||tag: Tagged Packet||1
none||ANY||ANY||ANY||ANY||ANY||ANY||WEB-MISC robots.txt access||16
etc.
--------------

But what I notice is that while some times events get automatically
categorised, I still end up with many of the events which should be auto
categorized in the sguil console and uncategorised.

I don't think this is correct, is it? Or is something wrong with my
configuration?

Clemente