Alerting Rule SSIM 4.6.1.24
Any ideas, please share.
I have created a rule to alert me (via an email) when my vendors connect via VPN to my network. From the design console the rule works, but it fails to alert me when I push to rule out.
Anyone?
SSIM ver 4.6.1.24
(Event Type ID = VPN Connection Statistics AND User Name = VENDOR-NAME)
here is the rule
<?xml version="1.0" encoding="UTF-8"?>
<Rule name="VPN_Consultant_1_1" type="SingleEventRule">
<EventCriteria name="">
<Group operator="0">
<Condition operator="0">
<Argument>
<Field id="event_id" name="Event Type ID" type="1" byname="true" byuser="true" />
</Argument>
<Argument>
<Value type="1" name="VPN Connection Statistics" version="2">742004</Value>
</Argument>
</Condition>
<Condition operator="0">
<Argument>
<Field id="user_name" name="User Name" type="0" byname="true" byuser="true" />
</Argument>
<Argument>
<Value type="0" version="2">MY-VENDORS-NAME-GOES-HERE</Value>
</Argument>
</Condition>
</Group>
</EventCriteria>
<TrackingFields>
<Field id="target_resource" />
</TrackingFields>
<ConclusionArgs>
<Argument>
<Field id="user_name" />
</Argument>
</ConclusionArgs>
</Rule>
Comments
Did you configure the SMTP
Did you configure the SMTP server that SSIM will use to notify you?
Would you like to reply?
Login or Register to post your comment.