Hi All,
I need some help creating a syslog alert for the following syslog message
RT_FLOW: RT_FLOW_SESSION_DENY: session denied x.x.x.x/49203->x.x.x.x/2055 None 17(0) default-deny untrust trust
I have tried the following syslog alert setup, but the alert does not trigger.
Rule is enabled, Source: *, DNS Hostname: *
Message: *
Message Type Pattern: RT_FLOW: RT_FLOW_SESSION_DENY:
Syslog Message Pattern: ?
Severity/Facility: Everything is checked
My intention is to alert when a 'deny' message is received.
I believe the issue is with either the Message Type Pattern or Syslog Message Pattern.
I have confirmed the alert does work with no Message Type Pattern or Syslog Message Pattern match inputted.
Please help!
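As an added example (not part of the original post and not tied to any particular syslog server's "Message Type Pattern" / "Syslog Message Pattern" fields), the following Python matches the RT_FLOW_SESSION_DENY message quoted above and pulls out the fields a deny alert would normally carry. The field names (src/dst address and port, service, protocol with ICMP type in parentheses, policy name, from-zone, to-zone) are an assumption read off the visible line layout, not taken from vendor documentation; the sample lines are constructed and use RFC 5737 addresses, and a syslog header (timestamp, hostname) is assumed to precede "RT_FLOW:", so the regex is applied with `search` rather than anchored at the start.

```python
import re
from typing import Iterable, Optional

# Regex for the deny message quoted in the question. Field names are an
# assumption based on the visible layout: src/port->dst/port, service,
# protocol(icmp-type), policy, from-zone, to-zone. Applied with re.search so
# that any syslog header in front of "RT_FLOW:" is tolerated.
DENY_RE = re.compile(
    r"RT_FLOW: RT_FLOW_SESSION_DENY: session denied "
    r"(?P<src_ip>[^/\s]+)/(?P<src_port>\d+)->(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) "
    r"(?P<service>\S+) (?P<protocol>\d+)\((?P<icmp_type>\d+)\) "
    r"(?P<policy>\S+) (?P<from_zone>\S+) (?P<to_zone>\S+)"
)

# Constructed sample input (not captured from a real device). The second line
# is a made-up non-deny message in the same shape, only to show it is skipped.
SAMPLE_LINES = [
    "Jan 10 12:00:01 fw1 RT_FLOW: RT_FLOW_SESSION_DENY: session denied "
    "192.0.2.10/49203->198.51.100.5/2055 None 17(0) default-deny untrust trust",
    "Jan 10 12:00:02 fw1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed "
    "192.0.2.10/49204->198.51.100.5/443 None 6(0) allow-web trust untrust",
    "Jan 10 12:00:03 fw1 sshd[123]: Accepted publickey for admin from 192.0.2.20",
]


def parse_deny(line: str) -> Optional[dict]:
    """Return the deny message fields as a dict, or None if the line is not a deny."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Numeric fields become ints so thresholds/comparisons work downstream.
    for key in ("src_port", "dst_port", "protocol", "icmp_type"):
        rec[key] = int(rec[key])
    return rec


def alerts(lines: Iterable[str]) -> list:
    """Filter a stream of syslog lines down to the deny events worth alerting on."""
    return [rec for rec in map(parse_deny, lines) if rec is not None]


if __name__ == "__main__":
    for rec in alerts(SAMPLE_LINES):
        print(
            f"DENY {rec['src_ip']}:{rec['src_port']} -> {rec['dst_ip']}:{rec['dst_port']} "
            f"proto={rec['protocol']} policy={rec['policy']} "
            f"{rec['from_zone']}->{rec['to_zone']}"
        )
```

Running it prints one line for the deny event and nothing for the other two samples. Because the match is a regex with named groups rather than a plain substring test, the same parser can drive narrower alerts later (only a given policy name, only a given destination port, only a given zone pair) without changing the matching expression.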