HPE Community
IMC
1753805 Members
7414 Online
108805 Solutions
New Discussion

IMC Syslog Template matching

 
Johan de Greef
Occasional Contributor

‎03-17-2017 05:56 AM

‎03-17-2017 05:56 AM

IMC Syslog Template matching

Hi!

We are currently implemting some rules to upgrade syslog messages to traps. We are looking to have different pools on our loadbalancer mail different application teams in the event when a pool loses all it's members (unfortunately there are no traps that give enough granularity). 

We have configured different syslog templates to be matched, but are running into issues that a particular rule is getting matched everytime. For example let's say we have 3 pools:
APP-POOL1
APP-POOL11
APP-POOL18

The syslogmessage reads "no available members for pool APP-POOLxx". When pool 11 or 18 go down, IMC matches the pool 1 message, because the syslogtemplate is the same for this part "no available members for pool APP-POOL1". When I disable the APP-POOL1 rule, everything works fine, because the only rules to match are 11 and 18.
Is there a way in IMC to work around this? Can I tell IMC to look at the whole syslogmessage instead of only at the first part when it gets matched?

0 Kudos
1 REPLY 1
LindsayHill
Honored Contributor

‎03-20-2017 02:04 PM

‎03-20-2017 02:04 PM

Re: IMC Syslog Template matching

Hmmm. Looks like a regex problem. You might be able to do something with putting in a more complex regex match.

__
@northlandboy
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.