I created a rule in SL4NT to look for specific info received from a PIX syslog.
I syntexed the substring message as follows
I left the regular expression box checked. I am to receive an email on the above
Problem I am having is that I receive emails from SL4NT that contain IP addresses not in the substring. Below is a sample of an email that I receive. As you can see the IP addresses listed in the email are not part of the substring. Does anybody have any ideas on why SL4NT may be doing this to me. The SL4NT is quite busy receiving a lot of syslog traffic from other devices.
Jul 14 2009 00:58:49: %FWSM-3-106100: access-list out2in permitted icmp
outside/10.15.16.1(0) -> inside/18.104.22.168(11) hit-cnt 192
(300-second interval) [0x941ea73, 0x0]