Skip to Content
Information
Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Threshold rule examples

The following Threshold rule generates a TOO_MANY_AUTH_FAILS event when 10 SNMP_AUTHENTICATION_FAILURE events occur within 120 seconds.

Threshold rule example

threshold too_many_authentication_failures:
  SNMP_AUTHENTICATION_FAILURE ($EV)
     where [ $EV.status != CLOSED AND $EV.status != BLACKOUT ]
           when 10 within 120
   {
     generate_event (TOO_MANY_AUTH_FAILS, [ mb_object = $EV.snmp_source_addr ])
   }
END

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC TrueSight Infrastructure Management 10.0