News:

We really need your input in this questionnaire

Main Menu

Syslog Parser

Started by FHSRZ, October 09, 2019, 05:29:42 PM

Previous topic - Next topic

FHSRZ

Hi,

i want to parse syslog from Cisco devices.

For Example:
I got a syslog message in the syslog monitor like that:
09.10.2019 16:22:43   Cat9300-Stack   Error   Local7   Cat9300-Stack   177   177: Oct  9 14:22:42.872: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/2, changed state to down

Then i want that a Event creates a message in my alarm browser.
So far so good. That works already but i want to that in the alarm browser the field count increments.

Any ideas how i can do that?

Best regards

Tursiops

If the same event on the same device triggers the same Alarm key, then the counter should increase rather than a second alarm being created.
The Alarm key is set as part of the Event Processing Policy.

You can also check the Alarm Log (not the Alarm Browser) to see the exact Keys for the two alarms in your screenshot, which might help you in determining where things are going wrong.

FHSRZ

Thank you. I added a Key in the Event Processing Policy and now it works.