nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Feature Request - Syslog Alerting

afarmer

I would like to see an alert action added to syslog for NetPefMon Event Log similar to the option in Advanced Alerts. Thanks.

Find more posts tagged with

Accepted answers

All comments

neilmborilla

IMHO, advanced syslog will be enough. It shows all the syslog you want rather than mixing it up with all the events?

FormerMember

afarmer-

just out of curiosity, what can the advanced alerting engine do that the Alerts / Filter rules engine can't do? It has nearly all of the actions available as the Alerting engine

afarmer

If you create an Advanced Alert, click the Trigger Actions tab, and click the Add New Action Button, there is an action to "Log the Alert to the NetPerfMon Event Log". By selecting this, I can create events that appear under the "Last 25 Events" section on my Network Summary Home page or under the Events link on the Orion website. However, this action is not available under the Trigger Actions for Syslog.

FormerMember

So what's the ultimate goal? Do you really need them in the Last 25 Events? Or is that just where you can consolidate them? What if we could provide a consolidated alerts view that included syslog, traps, and advanced/basic alerts?

byrona

I thought it odd that alerting option was not available for Syslog as well. However; I like the suggestion that Denny puts fourth of having a consolidated alerts view where I can see only the alerts I want from all of the different facilities.

To further elaborate on the concept of a consolidated alerts view, I would like to be able to control what goes ino this view and this would ultimately be the list of stuff I actually care about.

simoneidem

You are not alone on this!

Have spent a LOT of time trying to figure out how to get spesific syslog messages into the event list, with no luck.

This simple alert action would do the job in like 15 sec.

RichardLetts

create a custom SQL alert on a node, with a condition that looks something like this:

inner join syslog on syslog.nodeid=nodes.nodeid

WHERE syslogseverity = 3

AND datetime > Dateadd(hour, -1, Getdate())

AND message LIKE '%NTP Server Unreachable'

Change the where clause to match your syslog messages.

simoneidem

What i need is to create an event when there comes a syslog message containing 'LOOPGUARD_BLOCK'.

I tried with this custom SQL alert:

Inner join syslog on syslog.nodeid=nodes.nodeid

WHERE message LIKE '*LOOPGUARD_BLOCK*'

AND datetime > Dateadd(hour, -1, Getdate())

But it did not work. Neither did this one:

WHERE nodeid IN (SELECT nodeid

FROM syslog

WHERE message LIKE '*LOOPGUARD_BLOCK*'

AND datetime > Dateadd(hour, -1, Getdate())

Can you see any errors in these scripts?

Thanks!

RichardLetts

* is the star character

% is the wildcard matching any number of characters

/RjL