Hello,
i am trying to send an alert from syslog. what i want to do is alert if an ip address is seen trying to penetrate one of our cisco ASA firewalls. examle.... if xx.xx.xx.xx gets denied x number of times within a 5 minute time period send the alert.....i'm assuming i'd have to use a regular expression but i can't seem to figure out how to search for a matching ip address......any help would be appreciated....not even sure if this can done.
thanks
Steve