Element: rule




An element containing message patterns and how a message that matches these patterns is classified.

The element may contain any number of elements.


  • provider: The provider of the rule. This attribute distinguishes who supplied the rule: whether it was created by Axoflow or added to the XML by a local user.

  • id: The globally unique ID of the rule.

  • class: The class of the rule — this class is assigned to the messages matching a pattern of this rule.


  • patterns


   <rule provider='example' id='f57196aa-75fd-11dd-9bba-001e6806451b' class='violation'>

The following example specifies attributes for correlating messages as well. For details on correlating messages, see Correlating log messages using pattern databases.

   <rule provider='example' id='f57196aa-75fd-11dd-9bba-001e6806451b' class='violation' context-id='same-session' context-scope='process' context-timeout='360'>
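
A lint pass over the rule attributes described above, as an added example that is not part of the original documentation. The sample database is constructed. The patterndb/ruleset/rules nesting is an assumption of this example, as are two policy choices: requiring provider, id and class on every rule, and requiring a context-id wherever another context-* attribute is set.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample pattern database (not from the original page).
# Assumption: <rule> elements are nested as patterndb/ruleset/rules/rule.
SAMPLE_DB = """<patterndb version='4'>
  <ruleset name='sshd' id='00000000-0000-0000-0000-000000000001'>
    <rules>
      <rule provider='example' id='f57196aa-75fd-11dd-9bba-001e6806451b' class='violation'
            context-id='same-session' context-scope='process' context-timeout='360'>
        <patterns><pattern>constructed pattern one</pattern></patterns>
      </rule>
      <rule provider='local' id='f57196aa-75fd-11dd-9bba-001e6806451b' class='system'>
        <patterns><pattern>constructed pattern two</pattern></patterns>
      </rule>
      <rule provider='local' id='00000000-0000-0000-0000-000000000002' context-timeout='soon'/>
    </rules>
  </ruleset>
</patterndb>"""


def lint_rules(xml_text):
    """Return a sorted list of (rule_id, problem) tuples found in <rule> elements."""
    # ElementTree is not hardened against malicious XML: lint only trusted files.
    root = ET.fromstring(xml_text)
    rules = list(root.iter("rule"))  # matches <rule> only, not <rules>/<ruleset>
    id_counts = Counter(r.get("id") for r in rules)
    findings = set()
    for r in rules:
        rid = r.get("id") or "<missing id>"
        # Policy assumption of this example: all three attributes are required.
        for attr in ("provider", "id", "class"):
            if not r.get(attr):
                findings.add((rid, f"missing {attr} attribute"))
        # The page calls the id globally unique, so a repeated id is an error.
        if r.get("id") and id_counts[r.get("id")] > 1:
            findings.add((rid, "id is not globally unique"))
        timeout = r.get("context-timeout")
        if timeout is not None and not (timeout.isascii() and timeout.isdigit()):
            findings.add((rid, "context-timeout is not a whole number"))
        # Assumption: correlation settings are meaningless without a context-id.
        if (timeout or r.get("context-scope")) and not r.get("context-id"):
            findings.add((rid, "context-timeout or context-scope set without context-id"))
        if r.find("patterns") is None:
            findings.add((rid, "no <patterns> child"))
    return sorted(findings)


if __name__ == "__main__":
    for rule_id, problem in lint_rules(SAMPLE_DB):
        print(f"{rule_id}: {problem}")
```

A duplicated id matters for classification review: a locally added rule that reuses the id of a vendor-supplied rule makes it ambiguous which rule classified a given message.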