Hi,
I want to take action on receiving a syslog message related to BGP like the one below:
BGP Neighbor Change 8388903 myrouter: 8423202: May 28 17:03:53 UTC: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 vpn vrf MY_VRF Down BGP Notification received
I have successfully created a custom rule in the log viewer:

but when this triggers the associated Alert in the alert manager, there doesn't seem to be any way to include the content of the actual syslog message (i.e. "%BGP-5-ADJCHANGE: neighbor 1.1.1.1 vpn vrf MY_VRF Down BGP Notification received") in any of the subsequent actions that I create for the alert. So my emails & workflows contain no context as to what neighbour in which VRF has gone down.
Has anyone succeeded in passing the actual syslog message through to the alert manager for further parsing?
NB. I have tried asking ChatGPT and it refers me to non-existent namespaces or non-existent variables, so I've wasted a day on this already!
Thanks in advance!