CISCO Logging and Log Parser

Started by boozecow, February 25, 2016, 10:59:24 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

boozecow

February 25, 2016, 10:59:24 PM
Hi, I create a Syslog Parser to detect storm in the network.
When I create my test, I get the event:
TimeStamp date ... source ... severity Critical ... Facility Local7 ... Host name ... tag ... @SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/14 ....

In the Log Parser I created the rule:
Matching regular expression : *BLOCK_BPDUGUARD*
Severity : Critical
And I generate an alert.

Is is possible to forward all the content of the syslog message to the alert or email ?

Thanks in advance for your help !

tomaskir

#1
February 29, 2016, 04:15:53 PM
You can send parameters to the event from the Syslog Parser using standard regex capture groups.

For example regex
Code Select

.*SPANTREE-2-BLOCK_BPDUGUARD: (.*)

Would send the rest of the message (what gets captured inside the brackets) to the event.
Configure the parameters to 1, and handle the rest in EPP/action.
Print
Go Up Pages1
User actions