I was testing Log Analyzer using a script that sends out 7 unique syslog messages all at once.
The severity level (-l 1, -l 2, -l, 3, etc....) is unique for each message as well as the message text itself.
klog -h 10.157.148.152 -l 1 -m "shark level 1-Alert"
klog -h 10.157.148.152 -l 2 -m "shark level 2-Critical"
klog -h 10.157.148.152 -l 3 -m "shark level 3-Error"
klog -h 10.157.148.152 -l 4 -m "shark level 4-Warning"
klog -h 10.157.1481.52 -l 5 -m "shark level 5-Notice"
klog -h 10.157.148.152 -l 6 -m "shark level 6-Informational"
klog -h 10.157.148.152 -l 7 -m "shark level 7-Debug"
I then made a Log Analyzer rule that looked for the work 'Shark' in the message.
I then created an alert and checked the box below that states 'Create a new alert that fires whenever this rule triggers'.
Save the rule.
After that I went into the alert and the only change made to the one that Log Analyzer created was to add some values to the Message Displayed box, added an action to log to the NetPerfMon log and update Custom Properties with a URL.
When I run my script it fires off 7 syslog messages inside of a half second.
klog -h 10.157.148.152 -l 1 -m "shark level 1-Alert"
klog -h 10.157.148.152 -l 2 -m "shark level 2-Critical"
klog -h 10.157.148.152 -l 3 -m "shark level 3-Error"
klog -h 10.157.148.152 -l 4 -m "shark level 4-Warning"
klog -h 10.157.1481.52 -l 5 -m "shark level 5-Notice"
klog -h 10.157.148.152 -l 6 -m "shark level 6-Informational"
klog -h 10.157.148.152 -l 7 -m "shark level 7-Debug"
If I go into the new Syslog Viewer they look like this:
I would hope to see 7 syslog triggered alert messages show up in my All Active Alerts console but the alert is only catching one of them.
Once this alert is acknowledged it will never trigger again regardless of how many syslogs are sent until the Orion server is rebooted.
Seems like I have something set up wrong?