10 Replies Latest reply on Mar 4, 2010 2:44 PM by benbree

    Event Suppression / Correlation - 4 Syslog Events to 1 new event

    benbree

      Team,

      Has anyone created a method to suppress four similar Syslog events and create one new event that states the root cause? In my example, I received the following four events and want to create a new event/alert that states "Host 085 is down" since this is the root cause.

      Error Mar  4 03:20:51 nobuslor1 checkmounts.pl[15148]: Pod showing a dysfunctional mount point: 085-Host is down
      Error Mar  4 03:20:51 nobuslor1 checkmounts.pl[15148]: Pod showing a dysfunctional mount point: 085-Host is down
      Error Mar  4 03:20:51 nobuslor4 checkmounts.pl[20379]: Pod showing a dysfunctional mount point: 085-Host is down
      Error Mar  4 03:20:51 nobuslor4 checkmounts.pl[20379]: Pod showing a dysfunctional mount point: 085-Host is down
      Error Mar  4 03:20:51 nobuslor13 checkmounts.pl[25460]: Pod showing a dysfunctional mount point: 085-Host is down
      Error Mar  4 03:20:51 nobuslor13 checkmounts.pl[25460]: Pod showing a dysfunctional mount point: 085-Host is down

      Any ideas?  Appreciate the help and comments.

      Thanks!
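
One way to do the suppression and correlation asked about above, as an added example that is not part of the original post or any product's built-in feature: it folds the per-reporter mount errors into a single "Host 085 is down" event. The names `correlate` and `LINE_RE`, the 5-minute window, the year 2010 and the extra sample lines (host 112, the sshd line) are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: four lines modelled on the post, plus two constructed extras
# (a second failed host and an unrelated message that must pass through untouched).
SAMPLE = """\
Error Mar  4 03:20:51 nobuslor1 checkmounts.pl[15148]: Pod showing a dysfunctional mount point: 085-Host is down
Error Mar  4 03:20:51 nobuslor1 checkmounts.pl[15148]: Pod showing a dysfunctional mount point: 085-Host is down
Error Mar  4 03:20:51 nobuslor4 checkmounts.pl[20379]: Pod showing a dysfunctional mount point: 085-Host is down
Error Mar  4 03:20:52 nobuslor13 checkmounts.pl[25460]: Pod showing a dysfunctional mount point: 085-Host is down
Error Mar  4 03:20:53 nobuslor4 checkmounts.pl[20379]: Pod showing a dysfunctional mount point: 112-Host is down
Info Mar  4 03:21:10 nobuslor1 sshd[4242]: session opened for user backup
"""

# Captures the timestamp, the reporting server and the failed host ("085").
LINE_RE = re.compile(
    r"^\w+\s+(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<reporter>\S+)\s+checkmounts\.pl\[\d+\]: "
    r"Pod showing a dysfunctional mount point: (?P<host>\S+?)-Host is down$")

def correlate(lines, window=timedelta(minutes=5), year=2010):
    """Return (root_cause_events, passthrough_lines).

    Mount errors naming the same failed host within `window` of the first
    report are suppressed and folded into one event for that host.
    """
    current = {}              # failed host -> event still accepting reports
    events, passthrough = [], []
    for line in filter(str.strip, lines):
        m = LINE_RE.match(line.strip())
        if m is None:
            passthrough.append(line)          # not a mount error: leave alone
            continue
        # Syslog timestamps carry no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        ev = current.get(m["host"])
        if ev is None or ts - ev["first_seen"] > window:
            ev = {"message": f"Host {m['host']} is down", "first_seen": ts,
                  "reporters": set(), "suppressed": 0}
            current[m["host"]] = ev
            events.append(ev)
        ev["reporters"].add(m["reporter"])    # which servers saw the failure
        ev["suppressed"] += 1                 # raw events folded into this one
    return events, passthrough

if __name__ == "__main__":
    events, rest = correlate(SAMPLE.splitlines())
    for ev in events:
        print(f"{ev['first_seen']:%b %d %H:%M:%S} {ev['message']} "
              f"({ev['suppressed']} events from {sorted(ev['reporters'])} suppressed)")
    print(f"{len(rest)} unrelated line(s) passed through")
```

Keying on the failed host rather than on the reporting server is what turns several alerts into one root cause; the reporter set is kept so the new event still shows which servers saw the failure.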