I'm trying to use the 'Alert Action' of DISCARD on a repeating Syslog Message from a switch.
I'm not having any luck.
Does anyone have any pointers on using a Rule with Syslog Viewer?
Thanks,
Gil
The wild card is your friend (*). I copy the message straight from the syslog web viewer then paste straight into syslog alerts / filters. Then I delete out the front and back stuff and just leave the meat of the syslog message. Then (*) on the front and the back.