5 Replies Latest reply on May 11, 2010 10:07 AM by Questionario

    Regular Expression help

    stevel

      Hello,

       

      i am trying to send an alert from syslog.  what i want to do is alert if an ip address is seen trying to penetrate one of our cisco ASA firewalls.  examle.... if xx.xx.xx.xx gets denied x number of times within a 5 minute time period send the alert.....i'm assuming i'd have to use a regular expression but i can't seem to figure out how to search for a matching ip address......any help would be appreciated....not even sure if this can done.

       

      thanks

      Steve