4 Replies Latest reply on Nov 12, 2007 6:00 AM by amartinhigh

    syslog viewer filter questions

      I need help right now.  This problem is specific to syslog.
      I set up filters to delete and not allow certain event messages from coming into the syslog database.  The filtered out messages ARE NOT displaying in the syslog database BUT ARE being emailed to my support group, i guess by falling through to a lower alert.  These delete filter alerts are first in line. 

       I am checking for a lot of things, so I thought maybe the syslog message pattern was too long, and I broke it into 3 alerts - still no luck.  I also checked thwack and the only thing I saw was that someone might be having problems filtering out messages that have colons (:) in them.

      I do not know how to fix this - help - thanks

        • Re: syslog viewer filter questions

          In the Alert Actions for the rules where you filter out the messages, have you added the action to "Stop Processing Syslog Rules"? This may fix your problem. 

            • Re: syslog viewer filter questions

              no I have not.  What does that do?   Is there a master list somewhere that explains the ins and outs of the different actions?  Thanks

              • Re: syslog viewer filter questions

                Ah - I get it.  I am thick and it takes a few for it to sink in.  I'll try that and see what happens.

                • Re: syslog viewer filter questions

                  This seems to have worked well with the following exception:  I have the filters screening out anything less than an event error, but I still have one informational message sneaking through, although others are stopped, and I am applying this filter to * machines.  Any ideas?  this is it below:

                  11/11/2007 9:00 PM : Application Nov 11 2007 09:00:24 HIIPTRANSPRD %Application: MySQL Administrator : The message '1' for application 'MySQL Administrator' could not be formatted using library(ies): 'C:\Program Files (x86)\MySQL\MySQL Tools for 5.0\libmysqladminmsg.dll'. The log entry contains the following replacement strings:'Backup file C:\Documents and Settings\root\My Documents\FullBackup 20071111 2100.sql written successfully.'