Event log rule processing order
In what order does the event log rules process? Here's a scenario:
* Rule 1 - Capture all events where the source is "Foo"
* Rule 2 - Capture all events where the source is "Foo" and the word "access denied" in the description.
If an event comes through with the source "Foo" and the word "access denied", which rule will it trigger?
Thanks,
Colin
* Rule 1 - Capture all events where the source is "Foo"
* Rule 2 - Capture all events where the source is "Foo" and the word "access denied" in the description.
If an event comes through with the source "Foo" and the word "access denied", which rule will it trigger?
Thanks,
Colin