MARS - "Sudden increase of traffic to a port" rule

Unanswered Question
Nov 28th, 2006
User Badges:

Hello. I duplicated the system rule "Sudden increase of traffic to a port" in MARS and it blew out the original system rule and now shows up as a user rule. It doesn't appear to be working either. It is active. Not sure what to make of this, and neither is TAC. Anybody every mess up a system rule like this? Anyway to recover it? Thanks!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
cniblo1975 Wed, 11/29/2006 - 09:07
User Badges:

I upgraded to 4.2.2 and the rule seems to have been restored as a system rule. I noticed that it is showing up in our morning report (Event Types Ranked by Sessions), but we are not recieving an email or page for this rule firing (email/SMS notification works for all other rules). I ran a query for this event for the time period of the report it showed up on and no results were returned. Any thoughts would be appreciated. Thanks.

Christine

Actions

This Discussion