I would like to use the () and | operators to alert on syslog messages.
Example log messages:
GlobalProtect gateway client configuration released. User name: dude, Private IP: 192.168.3.33, Client version: 4.0.3-31
GlobalProtect gateway client configuration released. User name: bear, Private IP: 192.168.3.30, Client version: 4.0.3-31
GlobalProtect gateway client configuration released. User name: guy, Private IP: 192.168.3.30, Client version: 4.0.3-31
Using standard regular expression syntax, this expression matches all 3 of the above:
.*GlobalProtect.*(dude|bear|guy).*
However, this is not matched in the Orion syslog "Message Pattern" box (at /orion/netperfmon/syslog.aspx) , nor is it matched in the syslog alert configuration tool in the Syslog Viewer, not even if you enable regular expression matching.
WHAT DO?
