Hi
I need to send an alert when a syslog message appears twice in a 15 minute period. The problem is that I need to match on a string 'Streams' and a 'variable' that can be 1 of 300 words, shown below as AAA or BBB or CCC etc. So I think I need to get a RegEx that matches against Stream and then takes note of the variable, say it is 'AAA'.
Then if Stream and the variable 'AAA' appears as a syslog twice in 15 mins raise an alert.
If it then matches Stream and BBB, don't raise an alert, but again take note of the variable value BBB, and if this occurs twice in 15 mins raise an alert.
Jan 11 09:22:52.856: Streams 10.32.227.13 : AAA
Jan 11 09:22:52.856: Streams 10.32.227.13 : BBB
Jan 11 09:22:52.856: Streams 10.32.227.13 : CCC
Any ideas?
Thanks.
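
One way to implement the check asked about above, as an added example that is not part of the original post: a regex captures the trailing word of each 'Streams' line, and a per-word sliding window raises an alert when that word is seen twice within 15 minutes. The function names, the assumed year (syslog timestamps carry none), keying on the word alone, and resetting the count after an alert are assumptions; the sample lines are constructed in the format shown in the post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line format taken from the post; the trailing word is captured as the key.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{1,6}): "
    r"Streams (?P<src>\S+) : (?P<name>\S+)\s*$"
)
WINDOW = timedelta(minutes=15)


def parse(line, year=2024):
    """Return (timestamp, name) for a 'Streams' line, else None. The year is assumed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
    return ts, m["name"]


def find_alerts(lines, window=WINDOW, threshold=2):
    """Return [(timestamp, name)] for each time a name hits the threshold inside the window."""
    seen = defaultdict(deque)  # name -> timestamps still inside the window
    alerts = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue  # not a 'Streams' message
        ts, name = parsed
        q = seen[name]
        while q and ts - q[0] > window:
            q.popleft()  # drop sightings older than the window
        q.append(ts)
        if len(q) >= threshold:
            alerts.append((ts, name))
            q.clear()  # assumption: start a fresh count after each alert
    return alerts


# Constructed sample input (not real logs).
SAMPLE = [
    "Jan 11 09:22:52.856: Streams 10.32.227.13 : AAA",
    "Jan 11 09:23:10.101: Streams 10.32.227.13 : BBB",
    "Jan 11 09:30:05.000: Streams 10.32.227.13 : AAA",  # 2nd AAA inside 15 min
    "Jan 11 09:45:00.000: Streams 10.32.227.13 : BBB",  # 2nd BBB, but 21 min later
    "Jan 11 09:46:00.000: Other message",
    "Jan 11 09:50:00.000: Streams 10.32.227.13 : BBB",  # inside 15 min of 09:45
]
```

Because the word is captured rather than listed, the same pattern covers all 300 values without enumerating them.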