has anybody yet successfully created a rule with a SNMPTrap Action that fires when a correlation is configured based on the following (e.g.):
Correlation Time
2 Alerts within 40 seconds
when I reduce the number of alerts to 1, the rule fires, if the number is raised, it fires no more...
The basic alert is a "UserLogonFailure" and it is created based on a syslog message from a Cisco IOS Switch. The syslog message is created each time a user trys to logon to the Cisco switch with wrong credentials and each time the alert is triggered;nmp