Threshold rule examples
The following Threshold rule generates a TOO_MANY_AUTH_FAILS event when 10 SNMP_AUTHENTICATION_FAILURE events occur within 120 seconds.
Threshold rule example
threshold too_many_authentication_failures:
    SNMP_AUTHENTICATION_FAILURE ($EV)
        where [ $EV.status != CLOSED AND $EV.status != BLACKOUT ]
    when 10 within 120
    {
        generate_event (TOO_MANY_AUTH_FAILS, [ mb_object = $EV.snmp_source_addr ]);
    }
END
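The counting logic of the rule above, modeled in Python over constructed events. This is an added illustration, not product code and not part of the original page. It assumes a sliding window counted across all sources (the rule has no per-source condition), that counting restarts after the rule fires, and that mb_object comes from the event that reaches the threshold. The names Event, evaluate and failures are hypothetical.

```python
from collections import deque
from dataclasses import dataclass

THRESHOLD = 10                      # "when 10"
WINDOW_SECONDS = 120                # "within 120"
EXCLUDED = {"CLOSED", "BLACKOUT"}   # statuses rejected by the rule's where clause

@dataclass
class Event:
    ts: int                         # arrival time in seconds
    event_class: str
    status: str
    snmp_source_addr: str

def evaluate(events):
    """Return the TOO_MANY_AUTH_FAILS events this model of the rule generates."""
    window = deque()                # timestamps of matching events still in the window
    generated = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.event_class != "SNMP_AUTHENTICATION_FAILURE" or ev.status in EXCLUDED:
            continue
        window.append(ev.ts)
        # Assumption: an event exactly WINDOW_SECONDS old has left the window.
        while ev.ts - window[0] >= WINDOW_SECONDS:
            window.popleft()
        if len(window) >= THRESHOLD:
            generated.append({"class": "TOO_MANY_AUTH_FAILS",
                              "mb_object": ev.snmp_source_addr, "ts": ev.ts})
            window.clear()          # Assumption: counting restarts after firing.
    return generated

def failures(start, step, count, status, addr):
    """Build `count` constructed failure events, `step` seconds apart."""
    return [Event(start + i * step, "SNMP_AUTHENTICATION_FAILURE", status, addr)
            for i in range(count)]

# Constructed sample events (documentation-range addresses, not real data).
SAMPLE = (
    failures(0, 5, 10, "OPEN", "192.0.2.10")          # burst: 10 in 45 s, fires
    + failures(1000, 30, 10, "OPEN", "192.0.2.20")    # slow: at most 4 per 120 s
    + failures(2000, 1, 9, "OPEN", "192.0.2.30")      # only 9 countable events...
    + failures(2000, 1, 10, "CLOSED", "192.0.2.30")   # ...the rest are filtered out
    + failures(2000, 1, 10, "BLACKOUT", "192.0.2.30")
)

if __name__ == "__main__":
    for alert in evaluate(SAMPLE):
        print(alert)
```

Only the burst from 192.0.2.10 crosses the threshold; the slow series never has 10 events inside one window, and the CLOSED and BLACKOUT events never count toward it.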