How can the event rules be configured so that a particular event will not trigger the alert?
Scenario:
When undertaking a security scan on a network device, the device triggers the alarm 'A CRITICAL SYSLOG EVENT HAS OCCURRED', cause code 0x21001c.
According to the event, the alarm is caused by the scan, with the reason: Login Authentication Failed.
Question:
How can the event rules for this 0x21001c event be configured so that only this login failed trap will not trigger the alert?
Environment:
DX NetOps Spectrum release 20.2 or later
Answer:
The 0x21001c event has the following description located in the message body:
[Reason: Login Authentication Failed].
In the event message, this reason is held in the third event variable, which is written as:
{v 3}
You can then do a string comparison (strcmp) on this variable in the event rules for the 0x21001c event. For example:
if strcmp({v 3} {S "Login Authentication Failed"}) evaluates to TRUE, then generate <EVENT>
Where <EVENT> represents a new custom event which does not raise an alarm.