Cannot create events based on "sys

Support Center > Search Results > SecureKnowledge Details

Cannot create events based on "sys_message:" filter

Solution ID	sk119995
Product	Security Gateway
Version	R77.30, R80.10, R80.20
Date Created	16-Aug-2017
Last Modified	12-May-2019

Symptoms

Creating events based on "sys_message:" filter fails with:

Origin: [IP address] Time: [DATE TIME] 
Flags: 0x140 Interface: "daemon" 
Direction: inbound Action: null ['sys_message:': "installed Standard"]
sys_message has : within the ''

When adding ":" to the sys_message field in SmartEvent, it fails with "illegal character" message.

Solution

Note: To view this solution you need to Sign In .