-
Type:
Incident report
-
Resolution: Cannot Reproduce
-
Priority:
Trivial
-
None
-
Affects Version/s: 3.4.8
-
Component/s: Server (S)
-
Environment:We have a syslog server (rsyslog) and we monitor several Cisco devices.
Each device has a different log file. We use a Logrt item to analyze each log file to find a specific string and sent it to the good trigger. The issue is that we receive the same alert several times. I guess the item start again in the beginning and sent to the trigger all error/warning and so on.We have a syslog server (rsyslog) and we monitor several Cisco devices. Each device has a different log file. We use a Logrt item to analyze each log file to find a specific string and sent it to the good trigger. The issue is that we receive the same alert several times. I guess the item start again in the beginning and sent to the trigger all error/warning and so on.
Steps to reproduce:
- Item : logrt["/var/log/network/(.log)$","-5-",,,skip]
- Trigger : {Template Syslog Cisco:logrt["/var/log/network/(.log)$","-5-",,,skip].strlen()}<>0
The item search on all file finishing by ".log" and search string "-5-". If found it, the trigger look if the string contains "-5-" and if it is not equal 0.