We cannot figure this out as the Esper command of 'output every n' does
not work for what we are looking for. Not sure if we are going to need
to create a persistent table that keeps rewriting itself. Issue: We have
a few alerts that will trigger on m...
I am attempting to get this alert working to detect when a client site's
VLC stops sending logs or something wrong just happens. The rule is
similar to the "no log traffic found from device" rule. I have the time
set very low currently for testing but the al...
While looking through the documentation it does state it will need
32 GB of RAM and up to 16 cores for 5000 agents. One thing it does not
state is the storage required; I cannot find it anywhere in the
documentation. Besides this one line "Based on ...
Looks like the big change was the SELECT window(*). I had given up on
output every first every N min because it was only giving one event out
of it with just SELECT *. It seems to be working as intended; going
to test a lot more to be sure with al...
Great write-up, and I'm going to look to include this in some of our alerts.
We have been working on a script that will email specific clients based
on a field in the logs as well; however, ours was a bit different. I cannot
share it yet but wanted to share a...
This is taken from the security config guide. I can confirm that this
works perfectly. 1. Rename your certificate files and save them in for
NGINX. Rename the customer-provided cert.pem certificate PEM file to
web-server-cert.pem. Rename the customer pr...
I have modified the alert a bit. So far it is not working in NetWitness,
however. But it does work on EsperTech Esper EPL Online: SELECT * FROM
pattern [every a = Event((lc_cid in ('logcollectorname'))) ->
(timer:interval(120 seconds) and not Event((lc...
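The detection these posts are after (raise an alert when a watched log collector goes quiet for a configured interval, and do it once per outage rather than once per event) is shown below as an added example in Python rather than EPL. It is not code from the original posts or from NetWitness; only the field name `lc_cid` and the 120-second interval come from the thread. The `key=value` log-line format, the collector IDs, the event timestamps and the `SilenceDetector`/`detect_silence` names are all constructed assumptions so the example runs offline.

```python
"""Absence-of-logs detector (added example, not from the original posts).

Models what an EPL pattern of the form
  every a=Event(lc_cid in (...)) -> (timer:interval(N seconds) and not Event(lc_cid = a.lc_cid))
is meant to express: for each watched collector, fire once when no event has
arrived for N seconds, then re-arm only after the collector sends again.
"""
from dataclasses import dataclass, field


def parse_line(line):
    """Parse a constructed 'key=value key=value' log line into a dict.

    The format is an assumption for this example, not NetWitness output.
    """
    return dict(kv.split("=", 1) for kv in line.split())


@dataclass
class SilenceDetector:
    interval: int            # seconds of silence before an alert fires
    watched: set             # collector IDs (lc_cid values) we care about
    last_seen: dict = field(default_factory=dict)   # lc_cid -> last event time
    alerted: set = field(default_factory=set)       # collectors currently in alert

    def tick(self, now):
        """Advance the clock to `now` (the timer:interval side of the pattern).

        Returns a list of (alert_time, lc_cid, message) for collectors whose
        silence crossed the interval since the last check. alert_time is the
        moment the threshold was crossed, not `now`, so a late clock tick still
        reports when the outage actually began to count.
        """
        alerts = []
        for cid, seen in self.last_seen.items():
            if cid not in self.alerted and now - seen >= self.interval:
                self.alerted.add(cid)
                alerts.append((seen + self.interval, cid,
                               "no logs for %ds" % self.interval))
        return alerts

    def on_event(self, ts, lc_cid):
        """Feed one event; returns any alerts produced by advancing to `ts`.

        Events from collectors outside `watched` still move the clock but are
        not tracked, matching the `lc_cid in (...)` filter in the EPL.
        """
        alerts = self.tick(ts)
        if lc_cid in self.watched:
            self.last_seen[lc_cid] = ts
            if lc_cid in self.alerted:       # collector came back: re-arm
                self.alerted.discard(lc_cid)
                alerts.append((ts, lc_cid, "recovered"))
        return alerts


# Constructed sample stream (epoch-relative seconds), not real collector logs.
SAMPLE_LINES = [
    "time=0 lc_cid=lc-site-a msg=heartbeat",
    "time=10 lc_cid=lc-site-b msg=heartbeat",
    "time=60 lc_cid=lc-site-a msg=heartbeat",
    "time=70 lc_cid=lc-other msg=heartbeat",    # not watched, ignored
    "time=130 lc_cid=lc-site-a msg=heartbeat",  # by now site-b has been quiet 120s
    "time=200 lc_cid=lc-site-a msg=heartbeat",
    "time=260 lc_cid=lc-site-b msg=heartbeat",  # site-b recovers
    "time=300 lc_cid=lc-site-a msg=heartbeat",
]


def detect_silence(lines, interval, watched, now):
    """Run the detector over log lines, then do a final clock tick at `now`."""
    det = SilenceDetector(interval, set(watched))
    alerts = []
    for line in lines:
        ev = parse_line(line)
        alerts += det.on_event(int(ev["time"]), ev["lc_cid"])
    alerts += det.tick(now)
    return alerts


if __name__ == "__main__":
    for alert in detect_silence(SAMPLE_LINES, 120, {"lc-site-a", "lc-site-b"}, 500):
        print(alert)
```

The `alerted` set is what keeps one outage from producing a stream of identical alerts; the "recovered" entry is a convenience so a notification script can close the ticket it opened. In a real deployment the final `tick` would be driven by a wall-clock timer rather than by the arrival of someone else's event, otherwise a site whose collector is the only source of events could go quiet without ever being checked.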