Forum Discussion
- Anonymous
I haven't played around with it in a while. Do you have the text that shows up in the syslog? Could you post it (scrubbed if necessary)? Should just be a matter of creating the eventsource with the right filter.
So it is getting the syslog, but it is being filtered out, I'm guessing due to it being informational.
This is my filter.
- Anonymous
Unfortunately, it looks like Debug, Informational, and Notice syslog events are discarded before they even get to the ES: https://www.logicmonitor.com/support/logicmodules/eventsources/types-of-events/syslog-monitoring
I would get in touch with your CSM to get this put in as a feature request. (Has to be a feature request because it's working as designed, you just need the design changed.)
I will mention that to my CSM.
I might have a workaround: on the ASA, I went to that syslog message and changed it from informational to alert; however, it is still being filtered.
- Anonymous
Ah, if you can change the severity, that should work. So, the filters in EventSources are opt-in, meaning that only messages that match the filters will generate alerts. Since none of your messages contain "Login denied", they are getting filtered out. Maybe I'm not seeing everything that's not in your screenshot.