
ntevl configuration for two exact Events within a specific time

Question asked by ManuNair on Jun 28, 2017
Latest reply on Jul 13, 2017 by Thomas GENTILHOMME

Hi All,

We have CA UIM 8.4 installed on a Windows 2012 platform.

We now have a requirement to monitor events which occur 2 or more times with exactly the same message in the event. But when we use Event count>=2 with a time frame of 1 min, we get an alert for the second event even though the message varies.

ntevl probe version: 4.24

What we are running into is that we have a profile set up so that it should only send out an alarm if a single user tries to log into SQL 2 times within the same minute.

What is happening is that we get an alarm for the second user that was tried, so if I do 1 try with sa and 1 try with administrator, I get the alarm on administrator.

What we are actually looking for is no alarm under that condition, but if sa tries 2 times in less than a minute and it fails, then they get an alarm for sa.

Please suggest here.

Regards,

Manu

+91 8754587671
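The difference between the two counting behaviours described in the question, as an added Python example that is not part of the original post and is not ntevl configuration or the probe's own logic. The event messages, timestamps and function names are constructed for illustration, and an event exactly 60 seconds old is assumed to still count.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=1)   # time frame from the question
THRESHOLD = 2                   # "Event count >= 2"

# Constructed sample events (timestamp, message); not real log data.
SAMPLE_EVENTS = [
    ("2017-06-28 10:00:05", "Login failed for user 'sa'."),
    ("2017-06-28 10:00:20", "Login failed for user 'administrator'."),
    ("2017-06-28 10:00:40", "Login failed for user 'sa'."),
    ("2017-06-28 10:03:00", "Login failed for user 'administrator'."),
    ("2017-06-28 10:04:30", "Login failed for user 'administrator'."),
]

def parse(events):
    """Convert (timestamp string, message) pairs to (datetime, message)."""
    return [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), msg) for ts, msg in events]

def slide(window, ts):
    """Add ts to the window, drop entries older than WINDOW, return the count."""
    window.append(ts)
    while ts - window[0] > WINDOW:
        window.popleft()
    return len(window)

def alarms_global(events):
    """Reported behaviour: one counter shared by every matching event."""
    window, out = deque(), []
    for ts, msg in parse(events):
        if slide(window, ts) >= THRESHOLD:
            out.append((ts, msg))
    return out

def alarms_per_message(events):
    """Wanted behaviour: a separate sliding window per exact message text."""
    windows, out = defaultdict(deque), []
    for ts, msg in parse(events):
        if slide(windows[msg], ts) >= THRESHOLD:
            out.append((ts, msg))
    return out

if __name__ == "__main__":
    for name, fn in (("global", alarms_global), ("per-message", alarms_per_message)):
        print(name)
        for ts, msg in fn(SAMPLE_EVENTS):
            print("  ALARM", ts, msg)
```

With the shared counter the administrator attempt at 10:00:20 raises an alarm because it is the second event in the minute; keyed on the message, only the repeated sa failure does.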
