Syslog Alert does not work

marie12

I need some help, i want to generate an alert based on this syslog message:

%ASA-3-713902: IP = 72.55.11.44, Removing peer from peer table failed, no match!

 

I have tried the following syslog alert, setup, but the alert does not trigger:

Rule is enabled, Source: *, DNS Hostname: *

Message:

Message Type Pattern: *713902*
Syslog Message Pattern: *
(also tried reverse)

Severity/Facility: Everything is checked

 

Please help!

bleearg13

Is this the first rule listed in the alert configuration dialog box?  Normally, if an alert isn't being triggered, it's because either the match parameters are not being met, or the message is hitting a rule further up in the alerts and getting matched on by that rule instead.

Your patterns look good - you can try setting the Message Type Pattern to ASA-3-713902 and seeing if that works.  Also, check to make sure that the syslog service is running (obvious, I know).  If you move this rule to the top of the list and do the other suggestions, try restarting the syslog service itself to see if that works.