Is it possible to configure such that an issue (trigger) stays active/on (latched) until it is acknowledged?
My use case is in log monitoring, what I want to do is, for example, monitor the SECURE log file and trigger based on root sign in, but I want the trigger to stay latched until it has been acknowledged. Currently I can monitor the log and a trigger fire when 'root sign in' is part of the scanned log file but as soon as another part of the log is read the trigger is gone.
Or am I missing something?
regards
Steve
My use case is in log monitoring, what I want to do is, for example, monitor the SECURE log file and trigger based on root sign in, but I want the trigger to stay latched until it has been acknowledged. Currently I can monitor the log and a trigger fire when 'root sign in' is part of the scanned log file but as soon as another part of the log is read the trigger is gone.
Or am I missing something?
regards
Steve
Comment