I am trying to apply a filter on the syslog messages I am receiving from a firewall for any kind of Denied traffic. For this, I am required to apply a counter of 100 to denied messages from a specific source IP in real time. Since there are a lot of denied messages from several IPs, the counter can be reached easily and trigger the action, which is of no use. I want to track the count for a matching source IP inside the message content.
Is there any expression I can use to match a string pattern at a specific location again and again to increase the counter?
Thank you in advance for your valuable input.
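The following is an added example, not code from the original post or from any particular SIEM product. It shows the difference between a single global counter over denied messages and a per-source-IP counter keyed on the address extracted from the message body, which is what the question is asking for. The firewall line format (`Denied TCP src=... dst=... dport=...`), the `src=` field name and the `PerSourceCounter` class are assumptions made for the example; the sample log lines are constructed and use RFC 5737 documentation addresses.

```python
import re
from collections import defaultdict, deque

# Assumed message shape: a "Denied" verdict followed somewhere by "src=<ipv4>".
# Adjust the pattern to the real firewall's syslog format; this one is hypothetical.
DENIED_RE = re.compile(
    r"\bDenied\b.*?\bsrc=(?P<src>\d{1,3}(?:\.\d{1,3}){3})",
    re.IGNORECASE,
)


def extract_denied_source(line):
    """Return the source IP of a denied message, or None if the line is not a denial."""
    m = DENIED_RE.search(line)
    return m.group("src") if m else None


class PerSourceCounter:
    """Sliding-window counter keyed on the source IP found inside the message.

    Each source gets its own deque of event timestamps; a source triggers once
    when it alone has `threshold` denials within the last `window_seconds`.
    """

    def __init__(self, threshold=100, window_seconds=300):
        self.threshold = threshold
        self.window = window_seconds
        self._events = defaultdict(deque)  # src ip -> timestamps of denials
        self._fired = set()                # sources that already triggered

    def observe(self, line, now):
        """Feed one syslog line; return the source IP if it just crossed the threshold."""
        src = extract_denied_source(line)
        if src is None:
            return None
        q = self._events[src]
        q.append(now)
        cutoff = now - self.window
        while q and q[0] < cutoff:       # drop events that fell out of the window
            q.popleft()
        if len(q) >= self.threshold and src not in self._fired:
            self._fired.add(src)
            return src
        return None

    def count(self, src):
        """Current in-window denial count for one source."""
        return len(self._events.get(src, ()))


def build_sample_lines():
    """Constructed sample: 200 denials from three sources, interleaved, one second apart.

    Source 203.0.113.5 appears twice per four-line cycle (100 total); the other
    two sources get 50 each. Timestamps are synthetic.
    """
    pattern = ["203.0.113.5", "198.51.100.7", "203.0.113.5", "192.0.2.44"]
    lines = []
    for i in range(200):
        src = pattern[i % 4]
        lines.append(
            f"Jan 10 12:00:{i % 60:02d} fw1 kernel: Denied TCP src={src} "
            f"dst=192.0.2.10 dport=22"
        )
    return lines


def run_demo(threshold=100):
    """Compare a global denial counter with the per-source counter on the sample."""
    lines = build_sample_lines()
    counter = PerSourceCounter(threshold=threshold, window_seconds=300)
    global_hits = 0
    global_trigger_index = None
    per_source_triggers = []
    for i, line in enumerate(lines):
        if extract_denied_source(line) is not None:
            global_hits += 1
            if global_hits >= threshold and global_trigger_index is None:
                global_trigger_index = i     # the noisy, source-agnostic trigger
        src = counter.observe(line, now=i)   # one event per second
        if src is not None:
            per_source_triggers.append((i, src))
    return {
        "global_threshold_hit_at": global_trigger_index,
        "per_source_triggers": per_source_triggers,
    }


if __name__ == "__main__":
    print(run_demo())
```

On the constructed sample the global counter fires after the 100th denial regardless of origin, while the per-source counter fires only when 203.0.113.5 on its own reaches 100 in the window; the other two sources never trigger. In a rule engine the same idea is usually expressed as a regex capture group on the source field plus a "group by" or "key" on that capture, so the threshold applies per captured value rather than per rule.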