We have a Kiwi Syslog NG server that all of our network devices send traps / syslogs to; from there we then send back relevant entries to our Solarwinds server for processing.
Once they reach our Solarwinds Server we have a rule that processes that message and triggers an alert function, which logs an entry into the message centre, as well as sending us an email alert.
All of that works as expected; however, I am also trying to get the alert on Solarwinds to read part of the message that lists offending IP addresses so that we not only have the alert, but also have a record of the IP that caused it to trigger.
Below are some screenshots of the Kiwi Setup / Message that arrives and then the Solarwinds part that then shows it being logged and alerted on, but doesn't show the actual message.
Kiwi Rule
Kiwi Message received.
I am interested in the Peer IP address to be part of the Solarwinds Alert.
Log Viewer Rule.
Rule triggers Shunned IPs alert
Shunned IPs Alert settings
Entry on Alerts Page
Entry in Message Centre
So whilst I can get the message from source all the way to alerting in Solarwinds, I am just missing how I can add to the alert on Solarwinds to show me the IP address that triggered it.
Appreciate any help anyone can give / suggest.