Rules and Alerts for Traps with LA

I need to ultimately create an alert from a Trap rule configured in LA. However, I do not want the alert to trigger until a certain number of the same traps has been received in a set period of time. I know that was an easy thing to do with the Legacy Trap Viewer, but can't seem to see how to do that in LA. Is it done in the Rule or in the Alert? Thanks.

  • This option is available in the latest LA (and probably a few versions back as well), but it hasn't always been there.

    Since the rules are triggered in each service separately (trap service, syslog service, etc.), this option is not available either in Global Preprocessing or Global Postprocessing.

    So - go to a trap rule and expand Advanced Settings in Rule Conditions - ENTRY COUNT is what you're looking for.
