
Make Log Analyzer so it is not single threaded.

I did some testing with Log Analyzer both with receiving syslog messages and reading log events from the Application logs.

In both cases if you have a single rule it will trigger once and then never trigger again until it is acknowledged or reset by a rule event.

Say you have an event called Door Alarm - Door 1710, and each time a badge reader is scanned it sends a syslog to NPM.

If Fred, Barney, and Dino all scan their badge to get in the alerts would look something like this:

11:08:14 AM 5/15/19 Door Alarm - Door 1710 - Fred has scanned in

11:08:22 AM 5/15/19 Door Alarm - Door 1710 - Barney has scanned in

11:08:31 AM 5/15/19 Door Alarm - Door 1710 - Dino has scanned in

In the old Orion Syslog I would get an event to trigger an alert every time and I could have an email or other alert trigger sent every time.

In the new Log Analyzer for the same Fred, Barney, Dino event I would get:

11:08:14 AM 5/15/19 Door Alarm - Door 1710 - Fred has scanned in

In the new Log Analyzer I would get an email or other trigger event for Fred only. No alert for Barney or Dino.

Seems like it runs on a one minute cycle and only gets the first record of that minute. If the message is acknowledged by an operator or if there is a reset condition met, the alarm will retrigger on the next one minute cycle, but in either event you are only getting a single event per minute.

I would like for EVERY event to trigger an alert action. Seems like that is what the product should do but it doesn't seem to work.

Support Case #00309262

Here is a detailed post on how I was doing the testing: