PRE_DEFINED_SEARCH_FILTER_ALERT

Message attributes and sample message of PRE_DEFINED_SEARCH_FILTER_ALERT

Message attributes and associated values/description
Name	Value / Description
FilterMatch	Search filter pattern
TriggeringMessage	Last triggering message
(Low \| High)Threshold	Low or high threshold (integer)
DurationSeconds	Duration in seconds (integer)

Sample Message

<133> Mar 15 11:43:29 2009 10.1.1.165 %LOGLOGIC-5-050500:
AlertPriority="HIGH" AlertType="PRE_DEFINED_SEARCH_FILTER_ALERT" AlertName="wordAlert" GeneratedBy="10.1.1.165" ForDevices="All Syslog Sources" ForDeviceIPs="10.1.1.5,10.1.1.80,10.1.1.82,10.1.1.96,10.1.1.92,10.
1.1.95,10.1.1.98,10.1.1.100,10.1.1.124,10.1.1.125,10.1.1.165,10.1.
1.240,127.0.0.1" ConfiguredForDevices="All Syslog Sources" FilterMatch="inbound" TriggeringMessage="<1>Mar 10 15:37:50 metro-gateway.r.mnscu.edu %PIX-6-302013: Built inbound TCP connection 544430255 for outside:67.28.27.217/4030
(67.28.27.217/4030) to dmz1:199.17.241.217/80 (199.17.241.217/80)
" HighThreshold="2" DurationSeconds="60" AlertableEventsCount="2577"

Next topic: RATIO_BASED_ALERT

Previous topic: NETWORK_POLICY_ALERT

Contents

Index

Search Results

PRE_DEFINED_SEARCH_FILTER_ALERT

Sample Message