if i log into DRS site or OS admin site using a wrong password i am getting an RTMT alert
At Fri Mar 02 14:44:16 EST 2012 on node 1.1.1.1, the following SyslogSeverityMatchFound events generated:
SeverityMatch : Alert
MatchedEvent : Mar 2 14:44:00 XXXXXXXX authpriv 1 procAuth: pam_unix(system-auth:auth): check pass; user unknown AppID : Cisco Syslog Agent ClusterID :
NodeID : XXXXXXXX
TimeStamp : Fri Mar 02 14:44:00 EST 2012
SeverityMatch : Critical
MatchedEvent : Mar 2 14:44:00 XXXXXXXX authpriv 2 procAuth: pam_succeed_if(system-auth:auth): error retrieving information about user cucadministrator AppID : Cisco Syslog Agent ClusterID :
NodeID : XXXXXXXX
TimeStamp : Fri Mar 02 14:44:01 EST 2012
as you can see the sent from the alert name called "SyslogSeverityMatchFound". this alert name also send alerts such as ntp related, or services down and much more. so i cannot (or dont want to) disable this in the rtmt alert central. so my question is how would i go about disabling this such authentication failure alert which i dont want to receive at all. there is also an alertname called "authenticationfailed" in the alert cetnral section of rtmt . i have disabled that already. however that doesnt stop this msg.
thanks
vijay