Creating events and reset conditions in Syslog

wackamole

I many alerts being forwarded to Solarwinds via syslog with each type of event can be a Critical, Serious, or OK.

I have a syslog rule to catch each event type which triggers an alert and that works great.

The events get sent on a 5 minute basis so I can get many of the same Critical or Serious events until the problem is resolved which then the OK event will be sent.

I want to have the OK rule acknowledge either the Critical or Serious event if one exists but do not want the text of the OK to be processed.

So, the same OK syslog rule is added to the reset condition in both the Critical and Serious defined alerts but neither is cleared.  I have created an alert for the OK as well to verify it is correct and  I see the message but will not reset anything.

Any possible solutions to this problem would be greatly appriciated!

Thanks,

Randy

monitoringlife

I'm sure this is possible but I always prefer to do polling data if you want to clear/reset events when integrating with a ticketing system.  I personally find the polled metrics easier to write alert conditions against.  Do these devices only support syslog?  Does your security policy allow you give us some more details on the devices/vendors?