Absent Member.

Rule Aggregation Doesn't work

I have created a standard rule to identify Windows failed logon events. I want to set a counter so that the rule fires when 5 such events are generated within 2 mins. I set the aggregation to "# Of matches = 5" and "Time frame = 2 Minutes", but it seems not to be working properly. Each time an event comes to the ESM, the rule is fired.

Has anyone met this before? Any solutions?



1 Reply
Absent Member.

Re: Rule Aggregation Doesn't work

Hi Xiande,

Please open the "Actions" tab on that rule and check the type of action enabled. Probably you have the option "On Every Event" enabled, while you should check "On Every Threshold".
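
The difference between the two action triggers named in the reply, as an added example that is not part of the thread and is not ArcSight code: a simplified Python model of the question's rule (5 matches within 2 minutes). Grouping by user, the event tuple layout and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                   # "# Of matches = 5" from the question
WINDOW = timedelta(minutes=2)   # "Time frame = 2 Minutes" from the question

def fire_times(events, mode):
    """Return (timestamp, user) pairs at which the modelled rule fires.

    mode="every_event":     fire on each matching event (the behaviour reported).
    mode="every_threshold": fire each time THRESHOLD matches for one user fall
                            inside WINDOW, then start counting again.
    """
    recent = defaultdict(deque)  # user -> match timestamps still inside the window
    fired = []
    for ts, user, outcome in sorted(events):
        if outcome != "failure":         # rule condition: failed logon only
            continue
        if mode == "every_event":
            fired.append((ts, user))
            continue
        window = recent[user]
        window.append(ts)
        while ts - window[0] > WINDOW:   # drop matches older than the time frame
            window.popleft()
        if len(window) >= THRESHOLD:
            fired.append((ts, user))
            window.clear()               # the next firing needs 5 new matches
    return fired

def sample_events():
    """Constructed sample data: (time, user, outcome) tuples."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    # alice: 6 failures in 50 seconds, plus one success that must be ignored
    ev = [(t0 + timedelta(seconds=10 * i), "alice", "failure") for i in range(6)]
    ev.append((t0 + timedelta(seconds=5), "alice", "success"))
    # bob: 5 failures spread over 10 minutes, never 5 inside any 2-minute window
    ev += [(t0 + timedelta(seconds=150 * i), "bob", "failure") for i in range(5)]
    return ev

if __name__ == "__main__":
    for mode in ("every_event", "every_threshold"):
        hits = fire_times(sample_events(), mode)
        print(f"{mode}: {len(hits)} firing(s)")
        for ts, user in hits:
            print(f"  {ts:%H:%M:%S} {user}")
```
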


