Syslog Alert help

Hello

I was looking for some help with the syslog alert feature. I have an event that happens multiple times a day I writes to the syslogger via snare. I want to be alerted of that event. I setup a new alert thats as open as you can get it but im never alerted. Below is the configuration and the actual alert as the syslog has it. Thanks for any help you can provide.

General tab                   *
DNS Hostname Tab       *
Message Tab
MessageTypePattern    *
SyslogMessage Patter   *has requested a recycle because it reached its private bytes memory limit*
Alert Action is email

**
PROD-WEB03 MSWinEventLog 1 System 2038 Fri 2009 1117 W3SVC Unknown User N/A Information PROD-WEB03 None A worker process with process id of '2184' serving application pool 'DefaultAppPool' has requested a recycle because it reached its private bytes memory limit. 47
**

Find more posts tagged with

Accepted answers

All comments

Donald_Francis

You can make it more "open" by just allowing the alert to kick off for any event or filter by error, warning, critical etc and that way you do not have to worry about the text of your message.

You might also double check your trigger actions to be sure you do not have a mistake there if you have not already.

QuestionsBoyee

I gave the server a reboot and after that manually recycled IIS and it alerted me perfectly. Why a reboot fixed it I do not know but Ill go with it.

On a side note Donald my thought process about let all warnings or errors alert me is ill ignore the important ones because i would get so many. I have about 53 (win)servers 25 devices of some sort that would be a decent amount of alerts.