I would like to create an alert rule that filters on two words in "Message Pattern". I tried a common and an OR inbetween the two words but it does not work.
Have you tried using RegEx for pattern matching? The following example would search for "Dog" or "Cat"
(Dog)?(Cat)?
Another option would be
(Dog|Cat)
Using the Syslog Viewer and setting up a filter will do this for you. I am not sure if this is what you have attempted already. Make sure you match the pattern and use ",' between the patterns. Also make sure DNS Hostname pattern, time of day or other options aren't causing you this issue. Leaving them at defaults and adding the message pattern and alert actions should work.
Zak Kahl
Loop1 Systems
http://www.loop1systems.com
Thanks, the *name*, *name* actually works when used in the Rule. I was testing using the "Search Messages" in Syslog Viewer, which does NOT work.
Bruce
Bruce,
I don't think this will be possible with Syslog Viewer or on the console Syslog viewer. But you could run a quick report for those messages you are looking for.
Report Writer - Select Syslog report, add fields you want in report and filter down to the messages you want.
Or just run a query-
select * from Syslog
WHERE Message LIKE '%message%' OR Message Like '%message%'
A little more work but should get you what you are looking for.
