I have a relatively simple question, which I am having a hard time finding the answer for both through forum searches and google.
We are new to EventSentry and currently running a test deployment with a trial license. So far so good! I have set up some basic monitoring of test servers and a few network devices via syslog. Well, today I found myself needing to leverage the power of this software for the first time.
I am attempting to track down some rogue connections through a device sending syslog to the EventSentry server. However, the logs I am looking for are at the level of info. Manually scrolling through is out of the question as there are thousands of entries. My question is, how can I utilize the "message:" search functionality of EventSentry?
I have attempted the following: message:"192.168.6.27", message:[192.168.6.27], message:["192.168.6.27"] and message:192.168.6.27 - All of these searches came up blank, but I was able to find entries using my browser's built-in search function.
I realize the software is using Query Parser Syntax and I have referenced THIS article for support but unfortunately neither really help in this situation.
Any help is appreciated!
Thank you in advance.