Event and Object Analysis > Capture Results Filtering > Filtration Basics > Rules > Criteria and Conditions

Checks if a message MD5 hash appears twice within a defined period of time (tracking duplicate messages).

Description

This condition checks if a message with the same MD5 hash has already occurred (during the specified period of time).

Format

The "name" attribute:

The name attribute specifies the name of the condition: name="check-md5".

The "time" attribute:

The time="..." attribute specifies the timeout in milliseconds.

This timeout should be not less than 1 millisecond and not more than 5 minutes, which is 5*60*1,000=300,000 milliseconds.

Example:

Delete duplicate messages with the same MD5 if they arrive within 2 seconds.

<?xml version="1.0" encoding="utf-8"?>
<filter name="Message filter" version="1.0">
<comment>Message filter.</comment>

<table name="main">
<rule enabled="1">
<match>
<c name="check-md5" time="2000" />
</match>
<action name="drop" />
</rule>

</table>
</filter>

CHECK-MD5 Condition

CHECK-MD5 Condition