Alert based on syslog amount

Started by Egert143, June 18, 2019, 02:52:16 PM


Egert143

Hello

Wanted to ask if it's possible to alert based on how many syslog messages a node has logged? For example, if a switch is usually quiet and then suddenly starts generating a lot of logs, is it possible to detect?

Egert

Victor Kirhenshtein

Hi,

You can configure a DCI on a switch with source "internal" and parameter ReceivedSyslogMessages - it is a cumulative counter for received syslog messages. Then you can either do a delta transformation and create a threshold on it or use a "diff" threshold on the raw value.

Best regards,
Victor
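
The delta-then-threshold logic from the reply above, as an added Python sketch that is not part of the thread and is not NetXMS code. The readings, the 60-second poll interval, the threshold of 100 messages per minute, the two-poll confirmation and the handling of a counter that goes backwards are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    ts: int     # poll time in seconds
    total: int  # cumulative ReceivedSyslogMessages reading at that poll

def per_minute_deltas(samples):
    """Convert cumulative readings into messages per minute between polls."""
    rates = []
    for prev, cur in zip(samples, samples[1:]):
        elapsed = cur.ts - prev.ts
        if elapsed <= 0:
            continue  # duplicate or out-of-order poll
        diff = cur.total - prev.total
        if diff < 0:
            # Counter went backwards (assumed reset): a raw difference would
            # be a large negative number, so count from zero instead.
            diff = cur.total
        rates.append((cur.ts, diff * 60 / elapsed))
    return rates

def burst_alerts(samples, threshold_per_min, consecutive=2):
    """Poll times where the rate has exceeded the threshold for
    `consecutive` polls in a row; fires once per burst."""
    alerts, streak = [], 0
    for ts, rate in per_minute_deltas(samples):
        streak = streak + 1 if rate > threshold_per_min else 0
        if streak == consecutive:
            alerts.append(ts)
    return alerts

# Constructed readings: a quiet switch, a burst, then a counter reset.
SAMPLES = [
    Sample(0, 1000), Sample(60, 1003), Sample(120, 1005),
    Sample(180, 1400), Sample(240, 1900),
    Sample(300, 40), Sample(360, 42),
]

if __name__ == "__main__":
    for ts, rate in per_minute_deltas(SAMPLES):
        print(f"t={ts:>3}s  {rate:6.1f} msg/min")
    print("alerts at:", burst_alerts(SAMPLES, threshold_per_min=100))
```

Requiring two polls above the threshold trades one poll interval of detection delay for fewer alerts on a single noisy poll.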

Egert143