Hi All
My customer wants to create a rule to detect the same Source IP (ex:
hacker) trying to log in more than 3 times in 2 mins....
I want to set a rule to get "Authentication Failure" in Message where the
Source IP is the same. But I have 2 questions below:
1. Operator is not "include", because I want to make Sentinel search
the keyword, whether it could work or not?
2. How to set the same SourceIP for which login fails?

thanks !!

wyldkao

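
The detection logic the question describes, as an added Python example that is not part of the original post and is not Sentinel rule syntax: it matches the keyword as a case-insensitive substring of the message, groups failures by source IP, and alerts when one IP exceeds 3 failures inside a 2-minute sliding window. The event tuple layout, function name and sample events are constructed for illustration.

```python
from collections import defaultdict, deque

KEYWORD = "authentication failure"   # matched as a case-insensitive substring
THRESHOLD = 3                        # alert on MORE than 3 failures...
WINDOW_SECONDS = 120                 # ...from one source IP within 2 minutes

def detect_repeated_failures(events, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """events: time-ordered iterable of (epoch_seconds, source_ip, message).
    Returns a list of (source_ip, trigger_time, failure_count) alerts."""
    recent = defaultdict(deque)      # source_ip -> timestamps of recent failures
    alerts = []
    for ts, sip, msg in events:
        # Question 1: keyword search inside the message, not exact equality.
        if KEYWORD not in msg.lower():
            continue
        # Question 2: keep a separate window per source IP.
        q = recent[sip]
        q.append(ts)
        # Drop failures that fell out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            alerts.append((sip, ts, len(q)))
            q.clear()                # start counting afresh after an alert
    return alerts

# Constructed sample events (documentation-range IP addresses).
SAMPLE_EVENTS = [
    (0,   "203.0.113.7",  "sshd: Authentication Failure for user root"),
    (10,  "198.51.100.4", "Authentication Failure for user alice"),
    (30,  "203.0.113.7",  "authentication failure for user admin"),
    (45,  "203.0.113.7",  "Login succeeded for user bob"),
    (60,  "203.0.113.7",  "Authentication Failure for user test"),
    (110, "203.0.113.7",  "Authentication Failure for user oracle"),
    (200, "198.51.100.4", "Authentication Failure for user alice"),
    (400, "198.51.100.4", "Authentication Failure for user alice"),
    (500, "198.51.100.4", "Authentication Failure for user alice"),
]

if __name__ == "__main__":
    for sip, ts, n in detect_repeated_failures(SAMPLE_EVENTS):
        print(f"ALERT {sip}: {n} failures within {WINDOW_SECONDS}s (t={ts})")
```

The second address also fails four times in the sample, but spread over more than two minutes, so only the first address raises an alert.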