I've enabled some debugging on a voice gateway router and I am forwarding the logs to Solarwinds for visibility. I would like to alert based on a specific set of characters, something like
SIP/2.0
However it appears that the alert I've set up only sends me a single line rather than the entire debug message. Example email we receive looks like
8/9/2018 9:39 AM : 1907028973: SIP/2.0 487 Request Cancelled
However I know there is more to these alerts, as a full message may look like
Jun 3 09:36:18.495 PST: //7195130/FA906982A706/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 487 Request Cancelled
Via: SIP/2.0/UDP 1.2.3.4:5060;branch=z9hG4bK08Bbc6e867dac28870b
From: "Soup People" <sip:+15555555555@1.2.3.4:5060>;tag=gK0851a53b
To: <sip:+15555555555@4.3.2.1:5060>;tag=9D0EAF25-2575
Date: Sat, 03 Jun 2017 17:36:18 GMT
Call-ID: 1432889602_134214362@1.2.3.4
CSeq: 498233649 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-15.5.3.S2
Reason: Q.850;cause=16
Content-Length: 0
Each of the above lines comes in individually, so I can't use regex to match against it. Is this something that is a limitation of the Cisco IOS-XE software, or is this how Solarwinds handles syslog messages? Any way to fix it so I can send the entire message?