Hi,
I’ve set up the rule to alert when the random entropy is equal to or below 200.
Even with servers greater than 200 (in the thousands), I get an alert generated.
Debug shows:
Rule name: Random Entropy too low
Alert rule: applications.app_type = "entropy" AND applications.app_state <= 200
Alert query: SELECT * FROM devices,applications WHERE (devices.device_id = ? AND devices.device_id = applications.device_id) AND applications.app_type = "entropy" AND applications.app_state <= 200
Rule match: matches
and the rule applied is:
I’m not sure what I’m doing wrong, but with 3000 entropy the rule above matched?
Thoughts?