Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
381
Views
0
Helpful
1
Replies

event summarization

mhellman
Level 7
Level 7

‎01-18-2006 11:09 AM - edited ‎03-10-2019 01:50 AM

I've noticed summary alerts without a preceding non-summarized alert, which I thought was impossible.

Are signatures using a summary mode of "summarize" always supposed to generate 2 alerts, the initial alert that starts the counter and then a summarized alert?

The only explanation I can think of is the event filters. Is it possible that an event filter [especially one with "stop on match" disabled] would prevent the initial alert but not the summarized alert?

Labels:
0 Helpful
1 Reply 1

ebreniz
Level 6
Level 6

‎01-24-2006 08:16 AM

That looks strange to me too. Summary alarms gets triggered at the end of the throttle-interval. If summarization is configured for a signature, then the first alarm is sent when it occurs and all other alarms are blocked and only a summary alram is sent at the end of the throttle interval.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swappa.htm#wp787013

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card