Hey guys,
I'm trying to set up an email alert for every IPS log with action prevent and severity critical. I'm not having any luck. Can someone provide an example of an IPS alert that they have set up through SmartEvent? I'm currently on R80.40 latest ongoing.
I've had a little bit of luck getting emails with some correlated logs but they don't show any valuable information (no attack name, action etc..) even after enabling the column in "Event Format" and lumping them into the same event in the "Count logs" section. I have been testing by just using IPS action = Prevent for right now. Also note that the single log events wont trigger an email only the correlated. Is there something I'm missing? Pictures below. Thanks!!