How do I configure an Event Processing Rule to alert me when an event contains a specific string of text? (NETIQKB36414)

  • 7736414
  • 02-Feb-2007
  • 07-Feb-2008

Resolution

goal
How do I configure an Event Processing Rule to alert me when an event contains a specific string of text?

fact
Security Manager 3.X

fact
Security Manager 4.X

fact
Security Manager 5.X

symptom
Event Processing Rules that are configured to search for a string of text in an event are not generating alerts, even though the string is specified in the rule criteria.

cause
Security Manager is case-sensitive when parsing for text strings.

fix

In order for Security Manager to correctly match a string of text in the body of an event, the rule criteria must contain the string EXACTLY as it appears in the event, including case.

For example, if the alert should be generated when Security Manager encounters the text 'ABCD' in an event, the rule criteria must specify 'ABCD' as the text string to match. The alert will NOT be generated if the text 'abcd' is specified in the rule criteria.
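The following is an added example, not NetIQ code and not part of the original article: a short Python audit that compares rule strings against sample event text and flags rules whose string occurs in the events only with different case. It assumes plain substring matching; the rule names, rule strings and event lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample data (assumption): rule name -> text string in the rule criteria.
RULES = {
    "failed-logon": "Logon Failure",
    "firewall-stopped": "windows firewall",
    "audit-cleared": "audit log was cleared",
}
# Constructed event bodies (assumption), e.g. exported from a test system.
EVENTS = [
    "Logon Failure: Reason: Unknown user name or bad password User Name: svc_backup",
    "LOGON FAILURE: reason: account locked out user name: jdoe",
    "The Windows Firewall service entered the stopped state.",
]

def audit_rule_strings(rules, events):
    """Report, per rule, exact (case-sensitive) hits and the other casings
    of the same text that occur in the events but would not match."""
    report = {}
    for name, needle in rules.items():
        # Events a case-sensitive substring match would alert on.
        exact = sum(needle in ev for ev in events)
        # Every spelling of the string found in the events, ignoring case.
        pattern = re.compile(re.escape(needle), re.IGNORECASE)
        seen = Counter(m.group(0) for ev in events for m in pattern.finditer(ev))
        variants = {s: n for s, n in seen.items() if s != needle}
        if exact and not variants:
            status = "ok"
        elif exact:
            status = "partial"        # alerts, but misses other casings
        elif variants:
            status = "case-mismatch"  # never alerts; only the case differs
        else:
            status = "no-match"       # text not present in any sample event
        report[name] = {"status": status, "exact_hits": exact, "variants": variants}
    return report

if __name__ == "__main__":
    for rule, result in audit_rule_strings(RULES, EVENTS).items():
        print(rule, result)
```

A rule reported as case-mismatch should have its criteria changed to one of the listed variants; a rule reported as partial needs an additional rule or criterion for each variant it misses.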



Additional Information

Formerly known as NETIQKB36414