Overriding <ignore> directory for certain logs in same directory


Jamey B

Oct 6, 2015, 12:17:09 PM10/6/15
to ossec-list
Hey folks,

Suppose I have /var/log set to <ignore>. What if I wanted to be alerted to a certain type of log that was dropped into this directory? Is it possible to add a certain regex/pattern to the <include> if the log exhibits unique patterns? For example, if I wanted to know if people are clearing their logs and I have that directory set to ignore, can I make an exception?
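The behaviour the post is asking for, ignore a whole directory but still alert when a named log inside it is emptied or removed, written out as an added Python example (not OSSEC's own code or configuration; the path patterns, the size-based "cleared" rule and the sample events are assumptions chosen for illustration):

```python
"""Ignore-with-exceptions decision logic for file-integrity events (constructed example)."""
import re
from dataclasses import dataclass

# Assumed policy, not an OSSEC directive: ignore everything under /var/log
# unless the full path matches one of the exception patterns.
IGNORE_PREFIXES = ("/var/log",)
EXCEPTION_PATTERNS = [re.compile(p) for p in (
    r"^/var/log/auth\.log$",
    r"^/var/log/secure$",
    r"^/var/log/audit/.*$",
)]

@dataclass(frozen=True)
class FileEvent:
    path: str
    old_size: int   # size at the previous scan; -1 if the file was absent
    new_size: int   # size at the current scan; -1 if the file is now absent

def is_ignored(path: str) -> bool:
    """Prefix ignore applies unless an exception pattern matches the full path."""
    under_ignored = any(path == p or path.startswith(p + "/") for p in IGNORE_PREFIXES)
    if not under_ignored:
        return False
    return not any(pat.match(path) for pat in EXCEPTION_PATTERNS)

def classify(event: FileEvent) -> str:
    """Return 'ignored', 'deleted', 'cleared' or 'changed' for one event."""
    if is_ignored(event.path):
        return "ignored"
    if event.new_size == -1 and event.old_size >= 0:
        return "deleted"
    if 0 <= event.new_size < event.old_size:
        return "cleared"   # a log that shrinks is suspicious: logs normally only grow
    return "changed"

def triage(events):
    """Return (path, verdict) for every event that is not ignored."""
    return [(e.path, classify(e)) for e in events if classify(e) != "ignored"]

# Constructed sample events: (path, previous size, current size)
SAMPLE_EVENTS = [
    FileEvent("/var/log/syslog", 10_000, 10_500),        # routine growth in ignored tree
    FileEvent("/var/log/auth.log", 48_120, 0),            # truncated; matches an exception
    FileEvent("/var/log/audit/audit.log", 900_000, -1),   # removed; matches an exception
    FileEvent("/etc/passwd", 2_100, 2_150),               # outside the ignored tree
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_EVENTS):
        print(f"{verdict:8} {path}")
```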