Windows Event Log parser file not filtering

Started by Tomaric, March 12, 2014, 03:56:05 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Tomaric

March 12, 2014, 03:56:05 PM Last Edit: March 12, 2014, 08:15:54 PM by Tomaric
Curious. I have these parser file.

<parser>
  <file>*Application</file>
  <rules>
    <rule>
      <Level>1</Level>
      <match>(.*)</match>
      <event params="1">100804</event>
    </rule>
   
    <rule>
      <Level>2</Level>
      <match>(.*)</match>
      <event params="1">100803</event>
    </rule>      
  </rules>
</parser>

The idea is if there are a error or warning in Windows application log file to send an email. The only issue is it sends every event, the parser does not filter. Is my format incorrect in the parser file? I've tried using both <level> and <severity>

One issue here is since the filter does not filter "information" logs once I turn this filter and alerts on NetXMS goes into a continuous loop of alerts and emails. Kind of a show stopper.

Thanks

Victor Kirhenshtein

#1
March 18, 2014, 05:41:18 PM
Hi!

Parser XML element names are case-sensitive. You should use <level> instead of <Level>.

Best regards,
Victor
Print
Go Up Pages1
User actions