Stop

| Syntax | Description |
|--------|-------------|
| stop   | Terminates further alert rule processing when triggered. Any rules defined after it are skipped. |
  • Prevent events from matching later rules which may conflict with alerting behaviour

Example

  • Alert on Ping events from the Cisco group. Other Ping events are logged by calling a custom site-script alert_log_event. If the stop action is triggered, the rule at the bottom is skipped.
* * ping4 PING.icmpState any group Cisco = email NetEng
* * ping4 PING.icmpState any group Cisco = stop

* * ping4 PING.icmpState = call alert_log_event
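
The ordering behaviour described above can be checked with a small model. This is an added example, not code from the product: it assumes the text left of `=` is a selector compared as a literal string (wildcards are not interpreted), with an optional trailing `any group <name>` filter, and the event dictionaries and the `Juniper` group are constructed. It shows which actions run for an event and flags rules that can never fire because an earlier `stop` covers them.

```python
# Simplified model of ordered alert rules with a "stop" action.
# Assumption: text left of "=" is the selector, optionally ending in
# "any group <name>", as in the example rules on this page.

def parse_rule(line):
    selector, action = (part.strip() for part in line.split("=", 1))
    group = None
    if " any group " in selector:
        selector, group = (p.strip() for p in selector.split(" any group ", 1))
    return {"selector": selector, "group": group, "action": action}

def matches(rule, event):
    # Constructed event shape: {"selector": str, "groups": set of str}
    if rule["selector"] != event["selector"]:
        return False
    return rule["group"] is None or rule["group"] in event["groups"]

def fired_actions(lines, event):
    """Return the actions run for one event, in order, honouring stop."""
    fired = []
    for rule in map(parse_rule, lines):
        if not matches(rule, event):
            continue
        if rule["action"] == "stop":
            break  # every later rule is skipped for this event
        fired.append(rule["action"])
    return fired

def shadowed_rules(lines):
    """Return rules that can never fire because an earlier stop covers them."""
    stops, dead = [], []
    for line in lines:
        rule = parse_rule(line)
        if any(s["selector"] == rule["selector"]
               and s["group"] in (None, rule["group"]) for s in stops):
            dead.append(line)
        elif rule["action"] == "stop":
            stops.append(rule)
    return dead

RULES = [
    "* * ping4 PING.icmpState any group Cisco = email NetEng",
    "* * ping4 PING.icmpState any group Cisco = stop",
    "* * ping4 PING.icmpState = call alert_log_event",
]
CISCO_EVENT = {"selector": "* * ping4 PING.icmpState", "groups": {"Cisco"}}
OTHER_EVENT = {"selector": "* * ping4 PING.icmpState", "groups": {"Juniper"}}
```

Swapping the first two rules makes `shadowed_rules` report the email rule, because the `stop` now runs before it and the alert is silently lost.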