Does the IDS sensor drop attack packets?

I have deployed 3 IDS sensors (4235) in my network. I have a question I'm unsure about:

(a) Doesn't the IDS sensor drop any packet that it detects as an attack?

(b) When I connect to the sensor's web-based administration page, I saw something like 'Signature items: 1058 - deleted: 2644239' under the detection interface statistics. What does this mean?

(c) How do I configure blocking via router ACL? Is a guide available on the net?

Hello

(a) The IDS does not drop all packets. On detecting an attack packet (signature), it can initiate the ACTION that has been configured for that signature, for example block, reset or log. In the case of block or reset, the IDS will configure an ACL on the blocking device in order to stop those packets from the host.

But through all of this, the IDS itself does not drop packets. It always keeps looking at / sniffing all the packets.

(b) This means that since the system became active, it has deleted (expired or completed inspection on) 2644239 objects, and there are currently 1058 signature objects active in the database. It does not really mean much to you and mostly helps the development engineers determine low-level support issues on the sensors.

(c) Which management platform are you currently using, and which IDS version?

If you are using VMS for management:

http://www.Cisco.com/univercd/CC/TD/doc/product/rtrmgmt/cw2000/cw2000_b/vpnman/vms_2_1/idsmc11/UG/CH05.htm

If IDM/IEV 4.0, then go to the URL below:

http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids9/idmiev/swchap3.htm#593299

If IDM/IEV 3.x, then the URL below:

http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids8/13876_01.htm#xtocid49

Thank you

Christophe
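The distinction Christophe draws above, that a promiscuous sensor inspects a copy of the traffic and never drops anything itself but asks a router to install an ACL when a signature with a block action fires, is easy to get wrong when reading alert logs. The following Python model is an added example (not code from the thread or from Cisco) that makes the two behaviours explicit. The packet records, the 1024-byte match threshold for signature 2151, the ACL number 199 and the ACL line format are all constructed for illustration; the `inline=True` mode goes beyond the thread and models a device in the forwarding path, such as the PIX audit policy discussed further down this page, where a drop action really does discard the packet.

```python
"""Model of a promiscuous IDS sensor versus an inline device.

Added example, not Cisco code.  Signature match rules, the threshold, the
ACL number, the ACL line format and the sample packets are constructed."""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    length: int


@dataclass(frozen=True)
class Signature:
    sig_id: int
    name: str
    match: Callable[[Packet], bool]
    actions: Tuple[str, ...]   # any of "log", "block", "reset"


def router_acl_entry(acl_number: int, src: str) -> str:
    """IOS-style numbered extended ACL line the sensor would push to the
    blocking router (format assumed for illustration)."""
    return f"access-list {acl_number} deny ip host {src} any"


def inspect(packets: List[Packet], signatures: List[Signature],
            inline: bool = False, acl_number: int = 199):
    """Return (forwarded packets, alerts, ACL entries generated).

    inline=False models the promiscuous 4235: every packet is forwarded no
    matter what fires; blocking happens only through the ACL pushed to the
    router.  inline=True models a device that sits in the path, where a
    'block' or 'reset' action discards the matching packet itself."""
    forwarded, alerts, acl_entries = [], [], []
    blocked_hosts = set()
    for pkt in packets:
        drop = False
        for sig in signatures:
            if not sig.match(pkt):
                continue
            alerts.append((sig.sig_id, sig.name, pkt.src, pkt.dst))
            # One ACL entry per attacking host, regardless of how often it fires.
            if "block" in sig.actions and pkt.src not in blocked_hosts:
                blocked_hosts.add(pkt.src)
                acl_entries.append(router_acl_entry(acl_number, pkt.src))
            if inline and ({"block", "reset"} & set(sig.actions)):
                drop = True
        if not drop:
            forwarded.append(pkt)
    return forwarded, alerts, acl_entries


SIGNATURES = [
    # Signature 2151 (Large ICMP) is mentioned elsewhere on this page; the
    # 1024-byte threshold here is a constructed value, not the sensor's own.
    Signature(2151, "Large ICMP Traffic",
              lambda p: p.proto == "icmp" and p.length > 1024,
              ("log", "block")),
]

SAMPLE_PACKETS = [  # constructed traffic: two oversized pings, one TCP packet
    Packet("10.0.0.5", "192.0.2.1", "icmp", 1500),
    Packet("10.0.0.5", "192.0.2.1", "icmp", 1500),
    Packet("10.0.0.7", "192.0.2.1", "tcp", 60),
]


def run_demo(inline: bool = False):
    return inspect(SAMPLE_PACKETS, SIGNATURES, inline=inline)


if __name__ == "__main__":
    fwd, alerts, acl = run_demo()
    print(f"promiscuous: forwarded {len(fwd)}/{len(SAMPLE_PACKETS)} packets, "
          f"{len(alerts)} alerts, ACL entries: {acl}")
    fwd_inline, _, _ = run_demo(inline=True)
    print(f"inline: forwarded {len(fwd_inline)}/{len(SAMPLE_PACKETS)} packets")
```

In promiscuous mode all three packets are forwarded even though two alerts fire, and the only enforcement is the single ACL line for the attacking host; in inline mode the same two packets are dropped on the box. The per-host deduplication in `blocked_hosts` is the point to keep an eye on in a real deployment: the block is keyed on the source address, so a spoofed source can cause a block against an innocent host, which is why Cisco's own blocking configuration includes a never-block list.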

Tags: Cisco Security

Similar Questions

  • Custom drop-in icons for standalone application packaging on Mac OS X

    I can't add custom icons to a standalone package built on Mac OS X.

    JDK 1.7.0_06 with JavaFX 2.2.

    Directory structure:
    TestFX
      bin
        (compiled class files)
      build
        Test.jar
      deploy
      package
        macosx
          Test.icns
          Test-volume.icns

    From the Terminal:
    cd TestFX
    javafxpackager -deploy -native -title "TestApp" -vendor "James Clément" -description "Quick Test Application" -appclass edu.marshall.denvir.tests.fx.TestFX -width 400 -height 400 -name "Test" -outdir deploy -outfile Test -srcdir build -v

    This creates the native and DMG packages and they work, but there are no custom icons for the DMG installer or the .app file (just the gray coffee cup icon).

    Here is the output. What confuses me is the 4th line and similar ones, with 'add package/macosx/Test.icns to the classpath to customize'. This file is relative to the current directory, but for some reason it is not picked up. If I switch to Windows (via VMWare) and add a package/windows/Test.ico and run the same command, the custom .ico file is recognized.

    Looking for price for type = all = any format
    Prepare the Info.plist file: /var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/macosx/Info.plist
    Using the default package [config file] resource (add package/macosx/Info.plist to the classpath to customize)
    Using the default package resource (add package/macosx/Test.icns to the classpath to customize) [icon]
    Creation bundle app: /Users/jdenvir/Documents/workspace/TestFX/deploy/bundles/Test.app
    Running [rm,-f, Users/jdenvir/Documents/workspace/TestFX/deploy/bundles/Test.app/Contents/PlugIns/jdk1.7.0_06.jdk/Contents/MacOS/libjli.dylib]
    Running [ln,-s... / Home/jre/lib/jli/libjli.dylib,.] in deploy/bundles/Test.app/Contents/PlugIns/jdk1.7.0_06.jdk/Contents/MacOS
    Configuration files are saved in var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/macosx. Use them to customize the package.
    Package building for Test DMG
    Prepare the Info.plist file: /var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/macosx/Info.plist
    Using the default package [config file] resource (add package/macosx/Info.plist to the classpath to customize)
    Using the default package resource (add package/macosx/Test.icns to the classpath to customize) [icon]
    Running [ln,-s... / Home/jre/lib/jli/libjli.dylib,.] in /var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/images/dmg.image/Test.app/Contents/PlugIns/jdk1.7.0_06.jdk/Contents/MacOS
    Configuration files are saved in var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/macosx. Use them to customize the package.
    Using the default package [dmg background] resource (add package/macosx/Test-background.png to the classpath to customize)
    Using the default package [volume icon] resource (add package/macosx/Test-volume.icns to the classpath to customize)
    Using the default package resource [script to run after the application image is filled] (add package/macosx/Test-post-image.sh to the classpath to customize)
    Preparation of installation dmg: /var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/macosx/Test-dmg-setup.scpt
    Using the default package [DMG configuration script] resource (add package/macosx/Test-dmg-setup.scpt to the classpath to customize)
    DMG file creation: /Users/jdenvir/Documents/workspace/TestFX/deploy/bundles/Test.dmg
    Running [usr/bin/hdiutil create - quiet, - srcfolder, var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/images/dmg.image, - volname, Test, - ov, var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/images/Test-tmp.dmg -, format, UDRW]
    Running [usr/bin/hdiutil, attach, var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/images/Test-tmp.dmg, - quiet -, mountroot, var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/images]
    Running [osascript, var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/macosx/Test-dmg-setup.scpt]
    Running [developer/tools/then-a, C, var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/images/Test]
    Running [usr/bin/hdiutil detach,-quiet, var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/images/Test]
    Running [usr/bin/hdiutil, convert, var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/images/Test-tmp.dmg,-calme,-UDZO, - o, format Users/jdenvir/Documents/workspace/TestFX/deploy/bundles/Test.dmg]
    Installer DMG of Test result: /Users/jdenvir/Documents/workspace/TestFX/deploy/bundles/Test.dmg
    Configuration files are saved in var/folders/sd/8_vhkpzj539bxcjgp27wb75r0000gn/T/build6438886407189596362.fxbundler/macosx. Use them to customize the package.

    It is indeed a bug in the javafxpackager utility, introduced toward the end of the release. It affects Mac and Linux.
    You can fix it in your copy of javafxpackager: edit
    /Library/Java/JavaVirtualMachines/JDK1.7.0_06.JDK/contents/home/bin/javafxpackager
    and
    replace
    classpath="$javafx_home/lib/Ant-JavaFX.jar"
    with the following line
    classpath=".:$javafx_home/lib/Ant-JavaFX.jar"

    I'll make sure that this problem is fixed in 2.2.2.

  • Memory required for upgrading IDS Sensor 4.1(5) to 5.0 (IPS)

    Please tell me the minimum memory required to upgrade the IDS sensor from version 4.1(5) to version 5.0 (IPS).

    The 4200 series IDS sensors must have at least 512 MB for this upgrade to 5.0.

    Read the release notes for more information:

    http://www.Cisco.com/en/us/products/HW/vpndevc/PS4077/prod_release_note09186a008045ab52.html

    I hope this helps. All the best... please rate responses if deemed useful...

    Regards,

    REDA

  • IDS Sensor clock display inconsistencies?

    Hi all

    Don't know if anyone has come across this before. When I connect to my IDS sensors via SSH using a standard account, the command "show clock" gives me an answer an hour earlier than expected. The sensor is configured to use NTP, and I suspected that the problem is with the summertime / daylight saving settings.

    However, here is where it gets a little confusing: when I connect to the sensor using the service account (Linux OS), the system time seems to be OK.

    I tried taking the NTP server out of the equation, with little success. What tends to happen is that when I enter a time manually, it still subtracts an hour (for example I set 14:00 and "show clock" tells me that the time is 13:00). The impression I get is that the sensor is not parsing the daylight saving settings properly.

    Another question in this regard is whether the Zone name and the DST Zone name are of importance, or are they simply naming variables? We are located in Sydney, Australia, so I simply used EST for both. Thanks in advance.

    There is a Cisco bug (DDT) written against this problem:

    CSCed61826 - IDS summertime/DST shown incorrectly for southern hemisphere zones

    Description:

    If you have summertime configured (spanning the new year) and your current time is in the summer period AND past January 1, then the summertime start/stop times are calculated in error for the following summertime (the following year).

    Please find below the output of "show clock detail" before reboot and after reboot.

    Before the reboot:

    4215-1# sh clock det
    *12:53:01 AEDST Sunday, February 1, 2004
    No time source
    Daylight saving time starts at 03:00 AEDST Sunday, October 5, 2003
    DST ends at 01:00 EST Tuesday, March 30, 2004

    After the reboot the IDS shows:

    4215-1# sh clock det
    *01:55:53 UTC Sunday, February 1, 2004
    No time source
    Daylight saving time starts at 03:00 AEDST Sunday, October 3, 2004
    DST ends at 01:00 EST Monday, March 28, 2005

    (See here it shows EST instead of AEDST, and it seems to have moved to the new year, because the summer time start and stop are already 2004 and 2005 instead of the expected 2003 to 2004.)

    4215-1# sh clock det
    *11:56:27 EST Sunday, February 1, 2004
    No time source
    Daylight saving time starts at 03:00 AEDST Sunday, October 3, 2004
    DST ends at 01:00 EST Monday, March 28, 2005

    (For this to be fixed I have to make the system get the correct summertime start and stop years, 2003 and 2004; then it would get February corrected again to AEDST.)

    4215-1# clock set 13:18 November 1, 2003
    4215-1# sh clock det
    *12:18:02 EST Saturday, November 1, 2003
    No time source
    Daylight saving time starts at 03:00 AEDST Sunday, October 5, 2003
    DST ends at 01:00 EST Tuesday, March 30, 2004

    4215-1# clock set 13:18 February 3, 2004
    4215-1# sh clock det
    *13:18:01 AEDST Tuesday, February 3, 2004
    No time source
    Daylight saving time starts at 03:00 AEDST Sunday, October 5, 2003
    DST ends at 01:00 EST Tuesday, March 30, 2004
    4215-1#

    In addition, if I then play with the clock, as in November 2004, then DST moves to 2004-2005 once again, and if I come back to February, it would show EST once again, not AEDST.

    4215-1# clock set 13:18 November 1, 2004
    4215-1# sh clock det
    *12:18:03 EST Monday, November 1, 2004
    No time source
    Daylight saving time starts at 03:00 AEDST Sunday, October 3, 2004
    DST ends at 01:00 EST Monday, March 28, 2005

    4215-1# clock set 13:18 February 3, 2004
    4215-1# sh clock det
    *12:18:02 EST Tuesday, February 3, 2004
    No time source
    Daylight saving time starts at 03:00 AEDST Sunday, October 3, 2004
    DST ends at 01:00 EST Monday, March 28, 2005
    4215-1#

    Workaround:

    If you configure summertime (spanning the new year) and your current time is in the summer period AND after January 1, then the summer start/stop times are calculated in error for the following summertime (the following year).

    In Australia, summer time starts in October and stops in March.

    In February 2004, it should now be summer time: "AEDST" Tuesday, February 3, 2004.

    "show clock detail" should show something close to:

    Daylight saving time starts at 03:00 AEDST Sunday, October 5, 2003
    DST ends at 01:00 EST Tuesday, March 30, 2004

    However, if "show clock detail" shows next year's DST:

    Daylight saving time starts at 03:00 AEDST Sunday, October 3, 2004
    DST ends at 01:00 EST Monday, March 28, 2005

    then February would not show the correct time:

    "GMT" Tuesday, February 3, 2004

    You can try to correct the time information by temporarily setting the clock back a year and into the summer period, then correcting the time again.

    For example:

    4215-1# clock set 13:18 November 1, 2003
    4215-1# sh clock det
    *12:18:02 EST Saturday, November 1, 2003
    No time source
    Daylight saving time starts at 03:00 AEDST Sunday, October 5, 2003
    DST ends at 01:00 EST Tuesday, March 30, 2004

    4215-1# clock set 13:18 February 3, 2004
    4215-1# sh clock det
    *13:18:01 "AEDST" Tuesday, February 3, 2004
    No time source
    Daylight saving time starts at 03:00 AEDST Sunday, October 5, 2003
    DST ends at 01:00 EST Tuesday, March 30, 2004

  • Installing the IDS OS on the hard disk

    I have an IDS 4230 FE and downloaded the following software from Cisco: IDS-42XX-K9-r-1.2-a-4.1-1-S47.tar.pkg, but I am unable to install it on my IDS sensor. Does anyone know how?

    This package will not install on a blank hard drive. It can only be used to convert an existing recovery partition into a running application partition.

    You will need a Recovery CD and will have to boot from the CD.

    To get a CD you would need an active Cisco Service for IPS maintenance contract on the sensor, and then you can order the Recovery CD for $0.

    Understand that the IDS-4230 is not supported with version 5.0 and later versions of IPS. It is supported only in IDS 4.1. And it is no longer supported for new signature updates on IDS 4.1.

    I'm not sure it's worth spending your time getting a version 4.1 IDS image running on your IDS-4230 sensor.

    Just make sure it is an IDS-4230 and not an IDS-4235. The IDS-4235 is a more recent sensor and is still supported and receives signature updates today.

    You would still, however, need an up-to-date Cisco Service for IPS maintenance contract for the sensor to obtain the latest updates for the sensor.

  • Invalid digital signature error when updating a sensor

    Hello. One of our six IDS sensors recently stopped accepting signature updates. The error I get after attempting an update is:

    "Sensor : Signature Update process.

    An error has occurred during execution of the update script on the sensor named .

    Detail = an error occurred on the sensor during the sensor update. Message = idsPackageMgr: digital signature of the update file was invalid, please replace the corrupted file."

    I tried replacing the damaged file, with no luck. I also tried updating the sensor by every means (IDSMC, CLI), automatic update and manually via the web GUI, using several different signature versions.

    Finally, I downgraded the sensor from S190 to S189. Now I can't even re-apply the same S190 that I originally did; I get the same error.

    Is there a way to reset the mechanism that verifies the digital signature on the sensor? Is there anything else I can do?

    Any input would be appreciated!

    I am assuming that you are using 4.x.

    Try this:

    1. download S192 from http://www.cisco.com/cgi-bin/tablebuild.pl/ids4-sigup

    2. install the sigupdate from the CLI

    3. re-import the sensor into IPS MC

    Or you can try removing the sensor from the MC, re-importing it, then applying the S192 sigupdate.

  • Signature update by group in IDS MC?

    I just moved up in the world from CSPM to IDS MC on VMS. Nice interface, but isn't there a way to create a signature that I can apply to a set of sensors? Part of the reason to have a central console is to enable group management (I thought)... and even CSPM had this.

    -James

    Copy the signature to all IDS sensors by using the copy command. Then build and deploy to all sensors. You can do the same for filters etc.

  • Comparison of the NRS-2FE-DM against the IDS-4230-FE

    Hello

    I have the opportunity to buy an old NRS-2FE-DM, but after some research I noticed that this product has an end-of-life date of March 2000. My question is, will the NRS-2FE-DM be able to handle the upgrade to 3.x software, which would make it usable in our current environment with the IDS-4230-FE SENSOR and DIRECTOR platforms, managed by the DIRECTOR we have in place? Thank you.

    Jeff

    Jeff,

    The NRS-2FE-DM unit will run the 3.x software, but you may need to upgrade the memory according to Product Bulletin No. 1143 (http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/prodlit/1143_pb.htm) to do this (depending on whether or not this update has already been done).

    You can use a 2.5 or 3.x Upgrade/Recovery CD to install the 3.x software. NRS and IDS devices used the same CD for software versions 2.5, 3.0(1) and 3.0(5), but separate CDs were used for the 3.1(3) release. Make sure you use the correct CD for the NRS device. You will need to buy a SmartNet contract for this unit to install the 3.x software legally. Once you purchase a support contract, you can order the latest Upgrade/Recovery CD from CCO for free.

    You will not be able to upgrade beyond 3.x, as NRS devices are no longer supported from version 4.0.

    -Rusty

  • PIX IDS "Fat Ping"

    Is it possible to allow large ping replies through the PIX IDS attack signature without completely turning off IDS?

    Hello

    Use the 'ip audit signature' command to disable this signature.

    ip audit signature:

    Specify messages to display, establish a global policy for a signature, and disable or exclude a signature from auditing.

    I think the signature is 2151: Large ICMP Traffic.

    Hope this helps,

    Christophe

  • ODI package

    Hello

    I have several packages; how can I run my packages in parallel? Is this possible in ODI 11g?

    You can drag and drop components such as packages, interfaces or procedures into the steps of a load plan hierarchy. ODI will automatically create a scenario for your package execution step.

  • Cole's Classroom drag-and-drop print templates not allowing me to drag and drop!

    Hello

    I have LR 5.7 and bought print templates from Cole's Classroom, a respected and well-known photography communicator on the web. The templates are supposed to be drag and drop (from the filmstrip), so when they are installed and you choose a template in the Print module under custom templates, you can simply drag and drop your images directly into the template in the main window.

    Unfortunately, I can't do it. The templates are there, they are installed properly in LR, and I can click and bring up all the different templates (there are many). But I can't seem to pick up and drag images from the filmstrip into the template, as shown and described by Cole in his video tutorials. It seems nobody else has had any problem with these templates, and it is a problem that Cole himself has never met before. He said 'turn it off and on again', which I did, with no effect. I uninstalled and reinstalled the templates, with no effect. I still cannot pick up and drag images from the filmstrip at the bottom into the template.

    I have not tried a huge amount to remedy this since, frankly, I don't really know where to start. But just trying to find the problem, I found that when I clicked on Picture Package, at the top of the column on the right in the Print module, ALL of my images from my collection had already been put into separate templates, one for each image. As I've never really used the Print module before, I don't know if this has an effect on my being able to drag and drop into a different package and so stops me from doing it?

    These templates were expensive and it seems I'm the only person who has had this problem with them. Is there something I need to turn on, or move or change, for me to enable drag and drop of images, or am I on a loser with this one?

    Sorry for the long post, but I'm at a complete loss as to what this might be.

    John

    John,

    I don't know about your templates, but in general you need to drop onto the image cell, not its surrounding border.

    HAL

  • Drop and import pks and pkb

    Aloha,

    I imported a database (11gR2) using the normal import process. I intend to drop (if possible) only the packages and then import only the packages from the same dump. If possible, please be so kind as to point out the process and the necessary script.

    Thanks in advance.

    Kind regards
    Hades

    export/import does not do what you want; use impdp with the exclude option

    BR
    Osama

  • How to call a package from within a package?

    Is it possible to call an existing package from a new package in ODI 10.1.3.4.5? If so, please guide me.

    Thank you very much.

    Hello
    You must create a scenario for the package that you want to call.
    Drag and drop it into the "calling package".

    Thank you

  • PIX does not allow large packets

    I can ping with -l 992, but it fails with -l 993.

    Pinging 172.16.17.1 with 992 bytes of data:

    Reply from 172.16.17.1: bytes=992 time=1ms TTL=254
    Reply from 172.16.17.1: bytes=992 time=1ms TTL=254
    Reply from 172.16.17.1: bytes=992 time=1ms TTL=254
    Reply from 172.16.17.1: bytes=992 time=1ms TTL=254

    Ping statistics for 172.16.17.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 1ms, Maximum = 1ms, Average = 1ms

    Pinging 172.16.17.1 with 993 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 172.16.17.1:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    I also see that connections to devices in the DMZ take excessively long.

    The MTU size on all interfaces is still the default value of 1500.

    Hi Jimmysturn:

    What likely happened here is that you have an IDS attack policy bound to your outside interface with the action 'drop' or 'reset' for all packets that match a signature in the attack category.

    Signature 2151 (Large ICMP) will drop packets hitting the PIX outside interface, or those passing through the PIX outside interface, when you ping with a large packet size (993+ bytes):

    From your post, you must have the following IDS policy on your PIX:

    ip audit name attackpolicy attack action drop

    (or

    ip audit name attackpolicy attack action alarm drop

    or

    ip audit name attackpolicy attack action alarm reset

    or both)

    If you want to ping with large packets, there are several things you can do:

    (1) remove the "attackpolicy" policy completely from your outside interface. It will turn off all of the IDS signatures in the attack category.

    Look at this carefully and see if it's what you want to do.

    To achieve the above, issue the following command:

    "no ip audit interface outside attackpolicy"

    (2) turn off signature 2151 by running the command:

    "ip audit signature 2151 disable"

    That would disable only the Large ICMP attack signature while leaving the other attack signatures in the IDS attack category ON.

    (3) set the signature action to log (to a syslog server or the internal buffer) large ICMP packets instead of dropping them. Again, this should be considered as carefully as option 1.

    To achieve the above, issue the following command:

    ip audit name attackpolicy attack action alarm

    Hope this helps.

    Please rate the post accordingly if you find it useful.

    Sincerely,

    Binh

  • Alerts are LOST somewhere in the Action Override stage...

    I have very, very strange statistics on my sensor. I cleared them a few minutes ago, and now they look like this:

    SigEvent Preliminary Stage Statistics
    Number of Alerts received = 60
    Number of Alerts Consumed by AlertInterval = 0
    Number of Alerts Consumed by Event Count = 0
    Number of FireOnce First Alerts = 0
    Number of FireOnce Intermediate Alerts = 0
    Number of Summary First Alerts = 8
    Number of Summary Intermediate Alerts = 43
    Number of Regular Summary Final Alerts = 8
    Number of Global Summary Final Alerts = 0
    Number of Active SigEventDataNodes = 10
    Number of Alerts Output for further processing = 60

    SigEvent Action Override Stage Statistics
    Number of Alerts received to Action Override Processor = 60
    Number of Alerts where an override was applied = 0
    Actions Added
    deny-attacker-inline = 0
    deny-attacker-victim-pair-inline = 0
    deny-attacker-service-pair-inline = 0
    deny-connection-inline = 0
    deny-packet-inline = 0
    modify-packet-inline = 0
    log-attacker-packets = 0
    log-pair-packets = 0
    log-victim-packets = 0
    produce-alert = 0
    produce-verbose-alert = 0
    request-block-connection = 0
    request-block-host = 0
    request-snmp-trap = 0
    reset-tcp-connection = 0
    request-rate-limit = 0

    SigEvent Action Filter Stage Statistics
    Number of Alerts received to Action Filter Processor = 0
    Number of Alerts where an action was filtered = 0
    Number of Filter Line Matches = 0
    Number of Filter Line Matches causing decreased DenyPercentage = 0
    Actions Filtered
    deny-attacker-inline = 0
    deny-attacker-victim-pair-inline = 0
    deny-attacker-service-pair-inline = 0
    deny-connection-inline = 0
    deny-packet-inline = 0
    modify-packet-inline = 0
    log-attacker-packets = 0
    log-pair-packets = 0
    log-victim-packets = 0
    produce-alert = 0
    produce-verbose-alert = 0
    request-block-connection = 0
    request-block-host = 0
    request-snmp-trap = 0
    reset-tcp-connection = 0
    request-rate-limit = 0

    SigEvent Action Handling Stage Statistics
    Number of Alerts received to Action Handling Processor = 1
    Number of Alerts where produceAlert was forced = 0
    Number of Alerts where produceAlert was off = 0
    Actions Performed
    deny-attacker-inline = 0
    deny-attacker-victim-pair-inline = 0
    deny-attacker-service-pair-inline = 0
    deny-connection-inline = 0
    deny-packet-inline = 0
    modify-packet-inline = 0
    log-attacker-packets = 0
    log-pair-packets = 0
    log-victim-packets = 0
    produce-alert = 1
    produce-verbose-alert = 0
    request-block-connection = 0
    request-block-host = 0
    request-snmp-trap = 0
    reset-tcp-connection = 0
    request-rate-limit = 0

    Per-Signature SigEvent count since reset
    Sig 60000.0 = 1

    Yes, a single signature fired, but in the "preliminary stage alerts" there were 60! What happened to the other 59 alerts?

    Only when an alert has at least one action is it passed to the action handler.

    The other 59 alerts did not have any event actions. Either no action was added directly from the signature definition, or the alert-type actions were removed because of summarization, or the actions were removed by filters.

    There are several signatures that are intentionally created without actions. These signatures are what we call meta component signatures. By themselves they don't mean much, so we remove all actions so that they don't generate alerts in the eventStore. They trigger internally in sensorApp but are not written to the eventStore. These alerts are tracked internally by the Meta signatures. When several component signatures are triggered, a Meta signature can trigger, and it's the Meta signature which would have a produce-alert action and be written to the eventStore.

    With summarization, the signature has a produce-alert action, but the summarizer routines check whether the signature fires several times with the same addresses. The summarizer lets an alert through on the first fire. Later fires with the same set of addresses will result in the summarizer automatically removing the produce-alert action (and other alert-causing actions). The summarized alerts then get written to the eventStore.

    NOTE: In your output, this happened to at least 43 of these alerts.

    Filters can also match alerts, and filters can remove the event actions.

    So if the event actions have all been removed (or none were ever added), then the alert will not be passed to the action handler.

    In your output only 1 of the 60 alerts wound up with any actions that needed to be executed.
