Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

syslog viewer filter questions

I need help right now. This problem is specific to syslog.
I set up filters to delete and not allow certain event messages from coming into the syslog database. The filtered out messages ARE NOT displaying in the syslog database BUT ARE being emailed to my support group, i guess by falling through to a lower alert. These delete filter alerts are first in line.

I am checking for a lot of things, so I thought maybe the syslog message pattern was too long, and I broke it into 3 alerts - still no luck. I also checked thwack and the only thing I saw was that someone might be having problems filtering out messages that have colons (:) in them.

I do not know how to fix this - help - thanks

Find more posts tagged with

Accepted answers

All comments

SamuelB

In the Alert Actions for the rules where you filter out the messages, have you added the action to "Stop Processing Syslog Rules"? This may fix your problem.

amartinhigh

no I have not. What does that do? Is there a master list somewhere that explains the ins and outs of the different actions? Thanks

amartinhigh

Ah - I get it. I am thick and it takes a few for it to sink in. I'll try that and see what happens.

amartinhigh

This seems to have worked well with the following exception: I have the filters screening out anything less than an event error, but I still have one informational message sneaking through, although others are stopped, and I am applying this filter to * machines. Any ideas? this is it below:

11/11/2007 9:00 PM : Application Nov 11 2007 09:00:24 HIIPTRANSPRD %Application: MySQL Administrator : The message '1' for application 'MySQL Administrator' could not be formatted using library(ies): 'C:\Program Files (x86)\MySQL\MySQL Tools for 5.0\libmysqladminmsg.dll'. The log entry contains the following replacement strings:'Backup file C:\Documents and Settings\root\My Documents\FullBackup 20071111 2100.sql written successfully.'