Need help with a rule..

Unanswered Question
Mar 16th, 2007

I wrote a rule with the intent of it firing upon events originating only from public ip addresses AND only for yellow OR red severity levels. However this rule still fires on green severity events. Can any one see why from looking at the rule in the attached graphic?

Thank you,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
edwakim Mon, 03/19/2007 - 20:29

Hi Mike,

I hope you are doing fine.

I guess you are talking about MARS here.

Could you please attach the graphic?

Thank you.


mmorris11 Tue, 03/20/2007 - 06:31


Glad I checked this! Actually what happened is that posted this before attaching and discovered that you can't attach after the fact. The full post is here:

Check out this TAC case (this is about something else): SR 605613157 - CSMARS-rule building

It led to an enhancement request: CSCsi17878 - Rules should have 'NOT-FOLLOWED-BY' operator



This Discussion