Description
The current apache rule for failed login is currently not matching due to a wrong sid: 30302

When I change the id to 30301, the rule is correctly matched:
```
echo '[Mon Nov 11 12:27:53.796423 2024] [auth_basic:error] [pid 2483913:tid 2483939] [client xxx:57536] AH01617: user xxx: authentication failure for "/": Password Mismatch' | /var/ossec/bin/wazuh-logtest
Starting wazuh-logtest v4.9.0
Type one log per line
**Phase 1: Completed pre-decoding.
full event: '[Mon Nov 11 12:27:53.796423 2024] [auth_basic:error] [pid 2483913:tid 2483939] [client xxx:57536] AH01617: user xxx: authentication failure for "/": Password Mismatch'
**Phase 2: Completed decoding.
name: 'apache-errorlog'
parent: 'apache-errorlog'
id: 'AH01617'
srcip: 'xxx'
srcport: '57536'
**Phase 3: Completed filtering (rules).
id: '30308'
level: '5'
description: 'Apache: User authentication failed.'
groups: '['apache', 'web', 'authentication_failed']'
firedtimes: '1'
gdpr: '['IV_35.7.d', 'IV_32.2']'
gpg13: '['7.1']'
hipaa: '['164.312.b']'
mail: 'False'
nist_800_53: '['AU.14', 'AC.7']'
pci_dss: '['10.2.4', '10.2.5']'
tsc: '['CC6.1', 'CC6.8', 'CC7.2', 'CC7.3']'
```
All tested with Wazuh release 4.9.0.