I have been asked to look at our Kiwi Syslog server and determine if there is a way to have it send an email alert based on a particular message that is sent to the syslog, but only for the first iteration of another string in the message.
For example, if we get the message below 30 times, I would want to have 1 email notification, but if/when the IP address changes, send a new email.
Dec 08 2009 14:11:41: %ASA-4-338002: Dynamic Filter permitted black listed TCP traffic from inside:10.223.25.34/3998 (12.69.177.21/26001) to outside:66.235.126.53/80 (66.235.126.53/80), destination 66.235.126.53 resolved from dynamic list: www155.mywebsearch.com
Is that possible with Kiwi's Syslogger?
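The suppression logic the question describes, as an added example that is not part of the original post and is not Kiwi Syslog configuration: it alerts once per inside source IP for ASA-4-338002 messages and stays quiet on repeats. The class and function names, the choice of the inside IP as the key, the one-hour re-alert window, and every sample line except the first are assumptions made for illustration.

```python
import re

# Captures the inside (source) and outside (destination) IPs from the
# ASA-4-338002 message format shown in the post.
ASA_338002 = re.compile(
    r"%ASA-4-338002: .*? from inside:(?P<src>\d{1,3}(?:\.\d{1,3}){3})/\d+"
    r".*? to outside:(?P<dst>\d{1,3}(?:\.\d{1,3}){3})/\d+"
)

class FirstSeenAlerter:
    """Hypothetical helper: one alert per key, repeats suppressed."""

    def __init__(self, suppress_seconds=3600):
        # Assumption: re-alert if the same host is still matching an hour after
        # the last alert, so a long-running infection is not silenced forever.
        self.suppress_seconds = suppress_seconds
        self._last_alert = {}  # key -> timestamp of the last alert sent

    def should_alert(self, message, now):
        """Return the key to alert on, or None to stay quiet."""
        m = ASA_338002.search(message)
        if m is None:
            return None  # not the message type we care about
        key = m.group("src")  # assumption: the IP that "changes" is the inside host
        last = self._last_alert.get(key)
        if last is not None and now - last < self.suppress_seconds:
            return None  # already alerted for this host recently
        self._last_alert[key] = now
        return key

def demo():
    """Run the alerter over constructed (timestamp, message) pairs."""
    tmpl = ("%ASA-4-338002: Dynamic Filter permitted black listed TCP traffic "
            "from inside:{src}/3998 (12.69.177.21/26001) to outside:66.235.126.53/80 "
            "(66.235.126.53/80), destination 66.235.126.53 resolved from dynamic list: "
            "www155.mywebsearch.com")
    events = [  # first message is from the post; the rest are constructed
        (0, tmpl.format(src="10.223.25.34")),
        (10, tmpl.format(src="10.223.25.34")),     # repeat, suppressed
        (20, tmpl.format(src="10.223.25.34")),     # repeat, suppressed
        (30, tmpl.format(src="10.223.25.77")),     # new inside host, alert
        (40, "%ASA-6-302013: Built outbound TCP connection"),  # other message, ignored
        (4000, tmpl.format(src="10.223.25.34")),   # past the window, alert again
    ]
    alerter = FirstSeenAlerter()
    return [(t, k) for t, msg in events if (k := alerter.should_alert(msg, t))]

if __name__ == "__main__":
    for ts, host in demo():
        print(f"t={ts}s: send email for inside host {host}")
```

Keying on `m.group("dst")` instead gives one alert per blacklisted destination rather than per internal host.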