anyone have Rules working with SYSLOG VIEWER?

i'm trying to use the 'Alert Action' of DISCARD on a repeating Syslog Message from a switch.

i'm not having any luck.

does anyone have any pointers on using a Rule with Syslog Viewer?



The wild card is your friend (*).  I copy the message straight from the syslog web viewer then paste straight into syslog alerts / filters.  Then I delete out the front and back stuff and just leave the meat of the syslog message.  Then (*) on the front and the back.

