:programname, isequal, "sudo" ~
:msg, contains, "Blocked RUGOV IP attempt:" /var/log/rugov_blacklist/blacklist.log
& ~