but that doesn't seem to work properly.
You are going to have to elaborate on that.
Any errors? Data just doesn't seem to get there?
I have a RealTime rule setup to monitor the syslog and only the application that writes natively to the SYSLOG generate and email based on the Realtime Policy I have setup. These are the three strings:
Nessus: "bad login attempt from ip"
Satellite: "Failed login attempt from"
Tenable.sc: "Invalid username/password combination for User"
I have a RealTime rule setup to monitor the syslog and only the application that writes natively to the SYSLOG generate and email based on the Realtime Policy I have setup. These are the three strings:
Nessus: "bad login attempt from ip"
Satellite: "Failed login attempt from"
Tenable.sc: "Invalid username/password combination for User"