I've enabled some debugging on a voice gateway router and I am forwarding the logs to Solarwinds for visibility. I would like to alert based on a specific set of characters, something like
However it appears that the alert I've set up only sends me a single line rather than the entire debug message. Example email we receive looks like
8/9/2018 9:39 AM : 1907028973: SIP/2.0 487 Request Cancelled
However I know there is more to these alerts, as a full message may look like
Jun 3 09:36:18.495 PST: //7195130/FA906982A706/SIP/Msg/ccsipDisplayMsg:
SIP/2.0 487 Request Cancelled
Via: SIP/2.0/UDP 188.8.131.52:5060;branch=z9hG4bK08Bbc6e867dac28870b
From: "Soup People" <sip:+firstname.lastname@example.org:5060>;tag=gK0851a53b
Date: Sat, 03 Jun 2017 17:36:18 GMT
CSeq: 498233649 INVITE
Each of the above lines comes in individually, so I can't use regex to match against it. Is this something that is a limitation of the Cisco IOS-XE software, or is this how Solarwinds handles syslog messages? Any way to fix it so I can send the entire message?
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.