user_alert.conf limited regex
Hello, It seems regex in user_alert.conf are limited but I didn't find any good documentation. I would like a script to be executed with this log line: Aug 27 09:03:42 xxxxxxxx.mgt.xxxxxxxx.corp notice tmm2[26043]: 01490549:5: /Common/xxxxxxxx_policy:Common:eb1a58a1: Assigned PPP Dynamic IPv4: 100.100.100.100 ID: d60f8480 Tunnel Type: VPN_TUNNELTYPE_DTLS NA Resource: /Common/Network_xxxxxx Client IP: 100.100.100.200 But not with: Aug 27 09:03:42 xxxxxxxx.mgt.xxxxxxxx.corp notice tmm2[26043]: 01490549:5: /Common/xxxxxxxx_policy:Common:eb1a58a1: Assigned PPP Dynamic IPv4: 100.100.100.100 ID: d60f8480 Tunnel Type: VPN_TUNNELTYPE_DTLS NA Resource: /Common/Network_xxxxxx Client IP: 100.100.100.200 - Reconnect This line takes both but works: alert log_username_vpn_ip "Assigned PPP Dynamic IPv4" { exec command="/shared/scripts/xxxxxxxxxxx.sh" } These two should work but make alertd restarting over and over: alert log_username_vpn_ip "Assigned PPP Dynamic IPv4.*\d$" { exec command="/shared/scripts/xxxxxxxxxxx.sh" } alert log_username_vpn_ip "Assigned PPP Dynamic IPv4.*\d(?!.*Reconnect)" { exec command="/shared/scripts/log_username_vpn_ip_logon.sh" } Any idea?157Views0likes0CommentsHow do I ensure that link status events generate SNMP traps?
I've set my kernel and messages log levels to "notice", and I've set up SNMP trap configuration. I've verified via logger and snmptrap cli tools that the device will send traps and that alertd will send traps if the logs are there, but if I actually disable the interface, the traps don't appear. Does anyone know why this might be happening?392Views0likes0CommentsIs it possible to have dynamic content in custom alerts? alertd/snmp
alertd uses patterns to match input received from syslog to specific alerts (explained here). Is it possible to use elements of the match in the alertd output? Given a log entry 'Feb 18 17:29:03 tmm tmm[22973]: 01230002:4: Interface 0.3: link is down', which alertd matches based on the pattern "Interface %d.%d: link is down", I'd like to be able to extract the digit characters and inject them into the body of an email alert being sent.359Views0likes2Commentsalert email customization options
working form sol3667 (send email from alertd) and sol13180 (configuring email) i got this working. only it remains rather basic, the title of the email is the log line and the body is a fixed text. is this just what it is or is there more to configure? to start with i would like to control the subject and put the details in the body.333Views0likes4Comments