Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

need help with syslog alerts

I need help with syslog alerts. I've created a syslog alert that basically alerts our group when there is a warning of error in the Windows event log and this seems to work ok. I would like to create a 2nd alert for specifics, such as when a warning or error from 2 specific servers and when the message contains "Websense" of "WBS" and then send the alert to a specfic email address.

If I disable the 1st alert it seems to work but it will not work as long as the 1st alert is enabled. I do have other alerts that seem to work which are for different types of errors. It seems as if Orion will only send the 1st alert and not the 2nd id they are related.

Any suggestions would be very much appreciated......

Find more posts tagged with

Accepted answers

byrona

Each syslog that Orion receives should be tested against each rule in your list unless you have the Stop Processing in the action tab. Having the Stop Processing will stop the syslog message from being tested against further rules in the list. This is why it can be important to have your rules in a specific order.

Do you have the Stop Processing in the action tab for teh first rule that you have setup?

All comments

byrona

Do you have the Stop Processing in the action tab for teh first rule that you have setup?

kamintech

I must be overlooking something. I don't see a stop processing. You are taking about the syslog viewer, right?

byrona

Correct

In the syslog viewer where you setup your alerts, in the action tab where you set it to email you there is also an alert option called Stop Processing. You want to make sure you don't have that on your first rule so that anything that matches the rule can continue to be tested against other rules.'

I am not suggesting that this is causing your problem, only that it is a possibility to check.

arik

Hello,

I am Arik Smith. Today I use this forum first time. I like all part of the forum and I learn very much from your forum. Please give me the proper guidance about syslog alerts.

I m very happy after using this forum and I appreciate your guidance.

Thank You.

_______________________________________

Want to get-on Google's first page and loads of traffic to your website?
Hire a SEO Specialist from Ocean Groups [url=http://oceangroups.org/]seo pecialist

kamintech

No, I do not have any Stop processes running.