Configuring Log Alerts

You specify that a log event should generate an alert (by setting "alert" :true in the rule).

If you specify a content match, the entire content must match — if you want to match on a partial string, you must provide wildcards as appropriate to allow matching the entire string.