An element that contains message patterns and specifies how a message matching these patterns is classified.
If the following characters appear in the message, they must be escaped in the rule as follows:
@: Use @@, for example,
provider: The provider of the rule. This identifies who supplied the rule, that is, whether it was created by Axoflow or added to the XML by a local user.
id: The globally unique ID of the rule.
class: The class of the rule — this class is assigned to the messages matching a pattern of this rule.
<rule provider='example' id='f57196aa-75fd-11dd-9bba-001e6806451b' class='violation'>
The following example specifies attributes for correlating messages as well. For details on correlating messages, see Correlating log messages using pattern databases.
<rule provider='example' id='f57196aa-75fd-11dd-9bba-001e6806451b' class='violation' context-id='same-session' context-scope='process' context-timeout='360'>
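The following lint for the rule attributes described above is an added example, not part of the original documentation or the project's code. It assumes that every rule should carry provider, id and class, that context-timeout is a whole number, and that the valid context-scope values are process, program, host and global (a list not given on this page). The sample XML is constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: only <rule> elements, with their patterns omitted.
SAMPLE = """<rules>
  <rule provider='example' id='f57196aa-75fd-11dd-9bba-001e6806451b' class='violation'/>
  <rule provider='local' id='f57196aa-75fd-11dd-9bba-001e6806451b' class='system'
        context-id='same-session' context-scope='process' context-timeout='360'/>
  <rule provider='local' id='0c1d2e3f-0000-4000-8000-000000000001'
        context-id='same-session' context-scope='session' context-timeout='5m'/>
</rules>"""

# Assumption: accepted context-scope values (not listed on this page).
SCOPES = {"process", "program", "host", "global"}

def lint_rules(xml_text):
    """Return a sorted list of (rule_id, problem) tuples for all <rule> elements."""
    rules = list(ET.fromstring(xml_text).iter("rule"))
    # Count ids across the whole file so that reused ids can be reported.
    counts = Counter(r.get("id") for r in rules)
    findings = set()
    for r in rules:
        rid = r.get("id") or "<no id>"
        # Assumption: provider, id and class are expected on every rule.
        for attr in ("provider", "id", "class"):
            if not r.get(attr):
                findings.add((rid, f"missing {attr}"))
        if r.get("id") and counts[r.get("id")] > 1:
            findings.add((rid, "duplicate id"))
        scope = r.get("context-scope")
        if scope is not None and scope not in SCOPES:
            findings.add((rid, f"unknown context-scope {scope!r}"))
        timeout = r.get("context-timeout")
        if timeout is not None and not timeout.isdigit():
            findings.add((rid, f"non-numeric context-timeout {timeout!r}"))
        # Correlation settings have no effect without a context to attach to.
        if (scope or timeout) and not r.get("context-id"):
            findings.add((rid, "context-scope/timeout without context-id"))
    return sorted(findings)

if __name__ == "__main__":
    for rid, problem in lint_rules(SAMPLE):
        print(rid, problem)
```

Running the lint on rule files before deployment catches reused IDs and malformed correlation attributes, and the provider value makes locally added rules easy to separate for review.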