How do you search the log that triggered fired alerts?


Is it possible to include the data from the log that a fired alert was triggered off of?

So for example, our web server creates a log where someone from a bad IP address is connecting in, that triggers an email alert to the admin team.

Later down the road, I want to see all fired alerts and generate a report that shows the time the alert was triggered and the IP address value that came from the original web server log.

But to be clear, I need this to contain the fired alerts audit log so I know I'm comparing the real log from the web server and the corresponding fired alert.
