Testing a Rule
After creating or editing a rule, test it to confirm that it works as expected before you activate it.
Follow this procedure to test a rule:
- Go to RESOURCES > Rules, and deactivate the rule to test.
  Note: If you cannot deactivate a rule for testing, you can clone an inactive version of it.
- Select the rule, and click Test.
  This opens the Rule Debug Events dialog box.
- Enter a Reporting IP where the synthetic event should originate from.
  If the rule you're testing specifies that the Reporting IP should be a member of a group, make sure that the Reporting IP you enter here is in that group.
- Under Raw Event, enter the raw event log text that contains the triggering conditions for the rule.
- Under Pause, enter the number of seconds before the next test event will be sent, and click + under Action to enter additional test events.
  Create as many events as necessary to trigger the rule conditions.
- Click Test Rule.
  If the test succeeds, you are now ready to activate the rule.