What will i put in the notification option ?

I did not get below statement please can you explain me clearly ?

"In the case of Cisco Firewalls, the default Tool Alias is Cisco PIX and IOS.  If you have all your Firewalls logging to Local7, you may want to change that to "Cisco Firewalls."  Then data would match the default filter.?

I've also seen people use this on Nodes (or more specifically, Connector Profiles) where they change the default Windows Connector Aliases to something like "DC Application Log" and "DC System Log" and then they can create a filter for Domain Controller Events.  The Tool Aliases can be pretty handy that way."

As long as the word "Firewalls" appears in the Tool Alias, data from that tool will match the default filter in the Monitor tab.  The default name for Cisco IOS connectors is "Cisco PIX and IOS" so it won't match the Firewalls filter unless you change the name to include the word "Firewalls," ie "Cisco Firewalls"

Can you help me to create the filter rule ?

What is the tool alias of the connector reading your firewall logs?

I have created the Alias of the connector  "switch".

I have attached a filter that would return events from that Alias.

How do i add this file in my LEM filter ?

Can you explain how did you create this filter ?

Might I suggest that you spend some time with our video training on the LEM?

https://www.youtube.com/playlist?list=PL7E0C96A8AA76F1D2

This video specifically covers creating Filters:

And there's this KB:

http://knowledgebase.solarwinds.com/kb/questions/3380/Creating+Filters+for+Real-time+Monitoring+in+Y...

To import the filter I created, click the gear and then pick "Import" and navigate to the FIlter file you downloaded.