This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Creating a real-time alert from syslog device logs

I'm sending firewall syslogs to our InTrust server. I can browse all the logs from the repository viewer no problem.


I'm now looking to create a custom real time alert to be triggerd on an event log of a specific VPN user account being used. 


I can find the event in the repository viewer, there are a number of Insertion Strings: rows that are numbered. The unique data I'm wanting to alert on is in one of these rows (#30) I just don't know how to create an alert that triggers on that. 


There are no templates for syslog alerts like there are for the Windows Event logs. 


Any examples or help would be appreciated.