Forum Discussion

rob_carr
Jan 16, 2020

Is it possible to have dynamic content in custom alerts? alertd/snmp

alertd uses patterns to match input received from syslog to specific alerts (explained here). Is it possible to use elements of the match in the alertd output?

 

Given a log entry 'Feb 18 17:29:03 tmm tmm[22973]: 01230002:4: Interface 0.3: link is down', which alertd matches based on the pattern "Interface %d.%d: link is down", I'd like to be able to extract the digit characters and inject them into the body of an email alert being sent.

2 Replies

  • That's a very interesting question. I haven't done it, but the alert uses regex to detect the correct log, so if you had 'Interface (.*?): link is down' then it may appear as $1

    e.g.

    alert ALERT_NAME "Interface (.*?): link is down" {
    email toaddress="myemail@somewhere.com"
    fromaddress="root"
    body="Link $1 is down"
    }

    Give it a try and let me know.

    • boneyard

      Had to try this, but not the effect you hoped for; the email contains:

      Link $1 is down