I've noticed summary alerts without a preceding non-summarized alert, which I thought was impossible.
Are signatures using a summary mode of "summarize" always supposed to generate 2 alerts, the initial alert that starts the counter and then a summarized alert?
The only explanation I can think of is the event filters. Is it possible that an event filter [especially one with "stop on match" disabled] would prevent the initial alert but not the summarized alert?
That looks strange to me too. Summary alarms get triggered at the end of the throttle-interval. If summarization is configured for a signature, then the first alarm is sent when it occurs and all other alarms are blocked and only a summary alarm is sent at the end of the throttle interval.
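One way to confirm the situation described in the question from exported alert data, as an added example that is not part of either post: it flags summary alerts that have no initial alert for the same signature and summary key within the preceding throttle interval. The record layout, field names and sample values are assumptions constructed for illustration, not real sensor output.

```python
# Constructed sample records: (time_s, sig_id, key, kind).
# kind is "initial" for the alert that starts the interval and
# "summary" for the alert sent at the end of the throttle interval.
SAMPLE_ALERTS = [
    (100, 2004, "10.0.0.5", "initial"),
    (130, 2004, "10.0.0.5", "summary"),   # normal pair
    (400, 3030, "10.0.0.9", "summary"),   # no initial alert at all
    (500, 2004, "10.0.0.5", "initial"),
    (560, 2004, "10.0.0.5", "summary"),   # initial is older than the interval
]


def orphan_summaries(alerts, throttle_interval):
    """Return (time, sig_id, key) for each summary alert that has no
    initial alert for the same (sig_id, key) within the preceding
    throttle_interval seconds."""
    last_initial = {}   # (sig_id, key) -> time of the unmatched initial alert
    orphans = []
    for t, sig, key, kind in sorted(alerts):
        if kind == "initial":
            last_initial[(sig, key)] = t
        elif kind == "summary":
            # Each initial alert can account for at most one summary.
            start = last_initial.pop((sig, key), None)
            if start is None or t - start > throttle_interval:
                orphans.append((t, sig, key))
    return orphans


if __name__ == "__main__":
    for t, sig, key in orphan_summaries(SAMPLE_ALERTS, throttle_interval=30):
        print(f"t={t}s sig={sig} key={key}: summary without initial alert")
```

Any record this reports is a candidate to compare against the event filters that match that signature and address.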