I am still getting to grips with SmartEvent and I have come across a particular event on a regular basis that I do not really understand. There is so little useful information that I am having trouble identifying the cause:
The only useful information is the Start and End time of the event. Basically I have an event "Traffic". There is no origin Security Gateway, source, destination or service mentioned. There is no Rule Category or Event Name to allow me to identify where in SmartEvent I might look to understand or control this type of Event.
Given that the event start and end times tend to always indicate a long event duration, could it be related to a long-lasting session (multiple connections between the same client and server for the same service) that is reaching some limit?