Are these log entries from /after/ you created the rule?
It won't match historical entries.
Adam.
From: observium <observium-bounces@observium.org> On Behalf Of Lars Joergensen via observium
Sent: 16 October 2020 10:19
To: Observium <observium@observium.org>
Cc: Lars Joergensen <DKLARJ@chr-hansen.com>
Subject: [Observium] Syslog rule: No logging alert entries found
Hi
We would like to generate an alert on an Aruba switch logging stuff like "ST1-CMDR: port 1/20-Excessive CRC/alignment errors. See help."
So I created a syslog rule that triggered on that expression, but I get "No logging alert entries found!". Then I changed the pattern to just /CRC/ and it still doesn't find anything.
If I go to the syslog menu and search for CRC, I get tons. What am I doing wrong?
Best regards
Lars Joergensen IT Manager - Network Team - Global IT
Chr. Hansen A/S - Boege Alle 10-12 - 2970 Hoersholm - Denmark
Phone: +45 52 18 05 22 - dklarj@chr-hansen.com - http://www.chr-hansen.com/