Add specific 'field' from firewall syslog into event notification

Hello,

I have created an event, with email notification, when there is a “possible port scan” on our firewall. However the email is just ‘notifying’ - it doesn’t tell me the IP that is doing the scaning.

I would like to pull the SRC (see screenshot) into the email, so any help is greatly appreciated.
image

Running latest version of GL, on ubuntu 22.x

Thank you in advance!
James.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.