This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Multiple Syslog events resulting in only one Alert

I've never worked with LA/OLV before to create rules (currently on OLV, working to get LA upgrade approved) and honestly, I've never done much with trap/syslog rules before.

I'm working on setting up alerts triggered by syslog events from UPSs.  Currently only working with one as I iron out the bugs.  It's a perfect test case, because it shooting out syslog messages constantly.  Rule setup to trigger on any syslog message from UPS vender1 and vendor2.  I see multiple message in the Syslog Log Viewer, but only a single alert.  I don't have any throttling setup as of yet (get things working first, then tame down the rules), just pretty much a wide open "Any message from any UPS triggers an alert."

What am I missing?  Is this how it should be working, rather than filling up the alert log?  Or is there something I'm doing wrong so that it's not firing off each time?  I plan on turning on the throttling to one message every few hours once I know it's working, but shouldn't I see an alert for each syslog message?  Dozens of messages and only a single alert.

  • There is an implicit throttling when triggering alerts from LA/OLV. While no other actions are throttled, an alert can be triggered only once a minute to prevent alerting service from being overloaded.

    It is possible to decrease the cooldown period (not from the regular UI), but it is highly recommended not to turn it off completely. So it depends on your use case. Would e.g. 1 second cooldown instead of 1 minute cooldown work for you?

  • No, I wasn't looking for anything with that sort of a cooldown, it just appeared that it wasn't working at all.

    I've been messing with this syslog rule and alert for a day, and I think I just somehow messed things up with all of the changes, because it seemed to stop working completely.  I deleted the syslog rule and alert then recreated them from scratch, and now they appear to be working  as expected.

    Thanks for the help.