I have configured test alerts for the server shutdown for one of my servers, whose logs are as follows:
and the rule I configured is as follows:
But when we tested by rebooting the system, the logs came in but the alert didn't trigger. Likewise, there are many alerts which are not triggering though we received the logs on the SA server.
Note: Concentrator is successfully added on ESA and is enabled.
Does anyone know the root cause?