SmartEvent does not capture IPS events
Hello All...
I'm trying to set up an email alert for every IPS log with action prevent and/or severity critical.
After proper capturing I wish to block the source for, say, 8 hrs. BUT, as hard as I tried, I cannot capture severity field!
When I try to use Severity Equal to Critical it never captures the event... Tried other fields, such as attack ID or attack name, and I always got no reaction as well...
Versions I have are R80.30 for SmartConsole and SmartEvent.
So, Detailing...
Read somewhere around here I should have "Generic IPS Event" active. I set it, and I set an email reaction.
In fact, only after this was ticked I started capturing events, but I never received an email for this "Generic IPS Event".
![Paulo_Balau_0-1618571338224.png Paulo_Balau_0-1618571338224.png](https://community.checkpoint.com/t5/image/serverpage/image-id/11391i8BCEFABCCA703F96/image-size/medium?v=v2&px=400)
User defined event, "IPSActionEvent" is defined as follows and seems to work
Product I use from list is IPS Software Blade...
![Paulo_Balau_1-1618571338226.png Paulo_Balau_1-1618571338226.png](https://community.checkpoint.com/t5/image/serverpage/image-id/11390i3213A2CD815C69A7/image-size/medium?v=v2&px=400)
I got emails for this "User defined Event | IPSActionEvent" BUT only when I place action equal to prevent.
Here are snapshots from the logs...
![Paulo_Balau_2-1618571338234.png Paulo_Balau_2-1618571338234.png](https://community.checkpoint.com/t5/image/serverpage/image-id/11392i19B1B0D2EDAA205C/image-size/medium?v=v2&px=400)
Seemed OK until now, BUT when I try to use Severity Equal to Critical it never captures the event...
Tried other fields, such as attack ID or attack name, and I always got no reaction.
![Paulo_Balau_3-1618571338235.png Paulo_Balau_3-1618571338235.png](https://community.checkpoint.com/t5/image/serverpage/image-id/11393iF059B9BCF15FFDDD/image-size/medium?v=v2&px=400)
AH! Yes, we rebooted a couple of times :-)
I wonder why?
Paulo Balau