
Create Alarm from Log File Contents

arauh

I'm trying to set up a rule/alarm for whenever a certain event's (Run Instance) log file contains the below entry:

"associatePublicIpAddress": true

So, looking at the raw log, it would be located here as a line entry:
[Image: AV log]

My question is, for creating a Rule to set up the alarm, would I use 'Log File' [contains] OR 'Raw Log' [contains]?

Wasn't sure which for specific line entries in the log.


Answers

  • Hello arauh,

       For this particular condition, you would be looking at using 'Raw Log' [contains].

      Hope this helps!

    Utmost regards,

    - Colin Scott
    AlienVault 
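
A check a rule author can run against an exported raw log before relying on the match string, as an added example that is not part of the original thread or AlienVault's own code. It assumes the event is an AWS CloudTrail-style RunInstances JSON record and that [contains] is a literal, whitespace-sensitive substring match; the sample events are constructed.

```python
import json

# Constructed sample events (not from the original post). The field layout is
# an assumption: an AWS CloudTrail-style RunInstances record.
PRETTY = '''{
  "eventName": "RunInstances",
  "requestParameters": {
    "networkInterfaceSet": {"items": [
      {"deviceIndex": 0, "associatePublicIpAddress": true}
    ]}
  }
}'''
# Same event serialized without whitespace, and a variant with the flag off.
COMPACT = json.dumps(json.loads(PRETTY), separators=(",", ":"))
PRIVATE = PRETTY.replace("true", "false")

NEEDLE = '"associatePublicIpAddress": true'  # the string quoted in the question


def raw_contains(raw, needle=NEEDLE):
    """Literal substring test (assumed behaviour of a 'contains' condition)."""
    return needle in raw


def find_key(node, key):
    """Yield every value stored under `key` anywhere in a parsed JSON tree."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_key(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_key(item, key)


def requests_public_ip(raw):
    """Structured check: RunInstances event with associatePublicIpAddress true."""
    try:
        event = json.loads(raw)
    except ValueError:
        return False
    if not isinstance(event, dict) or event.get("eventName") != "RunInstances":
        return False
    return any(v is True for v in find_key(event, "associatePublicIpAddress"))


if __name__ == "__main__":
    for name, raw in (("pretty", PRETTY), ("compact", COMPACT), ("private", PRIVATE)):
        print(name, raw_contains(raw), requests_public_ip(raw))
```

If the two checks disagree on a real exported log, copy the match string byte-for-byte from that raw log, spacing included.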