So our Cisco logging and SNMP traps point to SolarWinds currently. For most uses, it's great! We've been able to set up email alerts for traps such as APs going offline, power supply failures, etc.
I would like to create a Syslog Viewer alert that will forward ALL Critical or higher syslog severity messages to an email address. Unfortunately, it is also sending power supply failure messages since they are considered a Critical. I want to separate out the power supply messages into their own alert, and all others in their own.
I've been monkeying around with Regex to do this, and it sounds as if we need to set up a negative lookahead to match everything but a specific string within the syslog messages.
^(?!.*PLATFORM).*$
The above seems like it would do the trick, but it doesn't actually match anything. Does anyone have any ideas on how I can get this alert to work the way I want to?
Thanks for any advice,
pwz
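
Added example, not part of the original post: the pattern from the post run through Python's re engine against constructed syslog lines, splitting Critical-or-higher messages into a power supply group and everything else. The sample lines, their mnemonics and the function names are assumptions made for illustration; whether the Syslog Viewer's own regex engine supports lookahead is not established by this page.

```python
import re

# Pattern from the post: match the whole line only if "PLATFORM" appears nowhere in it.
NOT_PLATFORM = re.compile(r"^(?!.*PLATFORM).*$")

# Cisco IOS message header: %FACILITY-SEVERITY-MNEMONIC (severity 0-7, lower is worse).
CISCO_HEADER = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+)")

CRITICAL = 2  # syslog severities 0 (emergency), 1 (alert), 2 (critical)


def route(message):
    """Return 'power', 'other', or None (below Critical or no Cisco header)."""
    line = message.strip()  # drop CR/LF left over from transport framing
    header = CISCO_HEADER.search(line)
    if header is None or int(header.group(2)) > CRITICAL:
        return None
    # The lookahead is case-sensitive and only sees one line at a time.
    return "other" if NOT_PLATFORM.match(line) else "power"


def split(messages):
    """Group messages into the two alert buckets described in the post."""
    buckets = {"power": [], "other": []}
    for msg in messages:
        bucket = route(msg)
        if bucket is not None:
            buckets[bucket].append(msg)
    return buckets


# Constructed sample lines; mnemonics are illustrative, not from a real device.
SAMPLES = [
    "Jan  1 00:00:01 sw1 %PLATFORM-2-PS_FAIL: Power supply 1 failed\n",
    "Jan  1 00:00:02 sw1 %EXAMPLE-1-DEMO_ALERT: Something critical happened\n",
    "Jan  1 00:00:03 sw1 %EXAMPLE-5-DEMO_NOTICE: Interface changed state\n",
    "Jan  1 00:00:04 sw1 free-form text without a Cisco header\n",
]

if __name__ == "__main__":
    for name, lines in split(SAMPLES).items():
        print(name, len(lines))
```
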