rommel Absent Member.
Absent Member.
309 views

Correlation logs

All,

I am just wondering if there is a log on the ESM v5.2 that contains the correlation log history. Basically, I am looking to determine if a Correlation Rule has fired in the past, would date back further than the data reported by an Active Channel. Thanks.

v/r,

rom

Labels (2)
0 Likes
2 Replies
StevenvandeBraak Outstanding Contributor.
Outstanding Contributor.

Re: Correlation logs

Help --> search --> "Audit Events" --> Rules:

Device Event Class ID

Audit Event Description

rule:100

Any rule fired.

rule:101

Rule fired OnEveryEvent.

rule:102

Rule fired OnFirstEvent.

rule:103

Rule fired OnSubsequentEvents.

rule:104

Rule fired OnEveryThreshold.

rule:105

Rule fired OnFirstThreshold.

rule:106

Rule fired OnSubsequentThresholds.

rule:107

Rule fired OnTimeUnitExpiration.

rule:108

Rule fired on time unit.

But ESM holds them no longer then your retention time, unless you keep 'm somewhere in Lists or Trends for longer times

0 Likes
rommel Absent Member.
Absent Member.

Re: Correlation logs

Thank you. Appreciate the response.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.