Log Entry Actions - Extract Data

I see 'extracting data' referenced under Log Entry Actions, but it is not apparent how that would be done. See below pics. I would like to have this data for use in alerts. I would expect one of the log entry actions to revolve around extracting data.

  • If you know the IP address, you could create an alert for each IP with the condition that the message contains the IP. It wouldn't work (or it would be very tedious work to set it up) if there are many possible IPs.

    Btw, which message type is it (syslog, trap, ...) and can you post an example of the message?

  • There are MANY possible IPs :)  Just looking at the syslog:

    May 14 18:35:32: %BGP-5-ADJCHANGE: neighbor x.x.x.x Down User reset

    There is a default log for this, but I am using the routing neighbor alert for that use case. The only issue with that is you can only poll the routing neighbors once per minute, and I have it set up to auto resolve. I would like to be able to account for a situation where a neighbor may flap through the up/down state, therefore giving a different type of alert (that may be missed when just alerting on the routing neighbor table at some interval).

  • Hm, you can set the alert to "No reset condition – Trigger this alert each time the rule fires" so as not to miss any flap, but I'm not sure how to set the threshold only for the same IP address.
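
The per-neighbor threshold discussed in this thread, as an added example that is not part of the original posts and not a feature of the monitoring product: a Python script that extracts the neighbor IP from `%BGP-5-ADJCHANGE` lines and counts Down events per IP inside a sliding window. The sample log lines, the `Up` line format, the assumed year, and the threshold of 3 Down events in 5 minutes are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the message format quoted in the thread. The timestamp carries no
# year, so parse() takes one as an assumption.
ADJCHANGE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}): %BGP-5-ADJCHANGE: "
    r"neighbor (?P<ip>\S+) (?P<state>Up|Down)\b"
)

def parse(line, year=2024):
    """Return (timestamp, neighbor, state), or None for unrelated lines."""
    m = ADJCHANGE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["state"]

def find_flaps(lines, threshold=3, window=timedelta(minutes=5)):
    """Return (neighbor, time, count) each time one neighbor logs
    `threshold` Down events within `window`. Counts are kept per IP."""
    downs = defaultdict(deque)
    alerts = []
    for line in lines:
        event = parse(line)
        if event is None or event[2] != "Down":
            continue
        ts, ip, _ = event
        q = downs[ip]
        q.append(ts)
        while ts - q[0] > window:      # drop Down events older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ip, ts, len(q)))
            q.clear()                  # start a fresh count after alerting
    return alerts

# Constructed sample input (documentation-range addresses).
SAMPLE = [
    "May 14 18:35:32: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down User reset",
    "May 14 18:35:40: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up",
    "May 14 18:35:55: %BGP-5-ADJCHANGE: neighbor 198.51.100.7 Down User reset",
    "May 14 18:36:10: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down User reset",
    "May 14 18:37:02: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down User reset",
    "May 14 18:50:00: %BGP-5-ADJCHANGE: neighbor 198.51.100.7 Down User reset",
]

if __name__ == "__main__":
    for ip, ts, count in find_flaps(SAMPLE):
        print(f"{ts:%b %d %H:%M:%S} neighbor {ip} flapping: {count} Down events")
```

Because the count is keyed on the extracted IP, the two Down events for 198.51.100.7 (more than five minutes apart) never combine with those of 192.0.2.1.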