Syslog Parser - Repeat Count not working?

Started by Millenium7, December 20, 2018, 07:13:02 AM

Millenium7

Related to this: https://www.netxms.org/forum/general-support/syslog-parser-how-to-parse-the-actual-syslog-message-in-the-alert/
whereby I want to log incorrect login attempts, but only want to generate the alert when there are i.e. 3 invalid login attempts within 30 seconds.
So I set the 'Repeat Count' to 3 and 'Repeat interval' to 30 seconds, but it doesn't seem to do anything at all. Every single invalid login attempt generates an alert.

Edit: This is a bug
I noticed that when I set the timer value in the 'Editor' view it would show, but when I change to 'XML' view the repeatcount is 0.
Even if I change it in the XML view, if I exit and come back it goes back to 0 again. That is, unless I set the value to at least 60 or higher. It seems it doesn't like having any form of seconds as the repeat interval; it must be a minute or more.
Edit2: Additionally, this seems to apply to all SysLog messages, not to the specific device/IP it was received from.

So if I try to log in to DeviceA 2x, then DeviceB 2x, and repeat this cycle every 60 seconds, I will get a Slack message saying I failed to log in to DeviceB on the first attempt (I shouldn't get an alert at all).
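
The thresholding behaviour the post asks for, as an added example (not part of the original post and not NetXMS code): a sliding-window counter keyed per source device, next to a single shared counter that produces the cross-device alert described in Edit2. The function name, parameters and event tuples are assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample events: (seconds since start, source device).
# EVENTS mirrors the post's scenario: two failed logins on DeviceA, then two on DeviceB.
EVENTS = [(0, "DeviceA"), (5, "DeviceA"), (10, "DeviceB"), (15, "DeviceB")]
# BURST is a genuine burst on one device, followed by a late straggler.
BURST = [(0, "DeviceA"), (10, "DeviceA"), (20, "DeviceA"), (100, "DeviceA")]


def alerts(events, repeat_count, repeat_interval, per_source=True):
    """Return the (timestamp, source) events that trigger an alert.

    An alert fires when `repeat_count` matching messages fall within
    `repeat_interval` seconds. With per_source=True every device has its
    own window; with per_source=False all devices share one window.
    """
    windows = defaultdict(deque)
    fired = []
    for ts, source in events:
        key = source if per_source else "*"
        window = windows[key]
        window.append(ts)
        # Discard matches that are older than the interval.
        while ts - window[0] > repeat_interval:
            window.popleft()
        if len(window) >= repeat_count:
            fired.append((ts, source))
            window.clear()  # start counting afresh after an alert
    return fired


if __name__ == "__main__":
    print("per source:", alerts(EVENTS, 3, 30, per_source=True))
    print("shared    :", alerts(EVENTS, 3, 30, per_source=False))
    print("burst     :", alerts(BURST, 3, 30))
```

With a shared window the third message overall is DeviceB's first failed login, so the alert is attributed to a device that has only failed once; keying the window by source suppresses it while still alerting on a real burst.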