Hi all,
I just have some questions around setting up email alerts and filters in Kiwi Syslog.
- What is the average processing time from receiving a syslog message to it being processed and emailed out? I'm seeing delays of up to 30 seconds or more before I am even seeing it in the email log within Kiwi, then you add the time it takes for your mail server to actually deliver the message. Curious to see what others are seeing?
- When creating filters and actions within a rule, the filters look to be processed as "AND" instead of "OR". E.g. If I have a single rule called "Logon Success Events", with an action to email the alert, and a filter to catch the first devices message which might be "logon successful" and the second devices message "successful logon", it appears to not work. It appears I have to create a new rule for each different message string? Is there a way for multiple filters under a rule to be processed as "OR" and not "AND"?
Many thanks!