10-31-2013 06:29 AM
I am running the software appliance version of Cisco Prime LMS 4.2.2. I have a syslog Automated Action that sends out an email notification for any severity 0, 1, or 2 messages. Recently I found out that when a Cisco 2960 crashes, it logs 35 messages that form a report, all at severity 1. I want to get 1 email for this and not 35. My first thought is to use a syslog filter to drop most of the messages except for 1. It looks like the definition of a syslog filter has some regular expression capability that would help in this case, but I can't find a description of it anywhere. What is the syntax of the regular expression capability of a syslog filter???
Thanks for any help.
Dave
10-31-2013 06:24 PM
Hi Dave,
If your need is to get notification for only SEV 1 messages then you can create a filter for it and rest all you can Drop.
go to
Admin > Network > Notification and Action Settings > Syslog Message Filters.
Attached is screenshot for the same. you futher can specify the mnemonics and facility as well ,if you want otherwiese SEV is fine
hope this will help you.
Thanks-
Afroz
[Do rate the useful post]
11-01-2013 10:45 AM
Hi Afroz,
Thank you for your response, but what you described is not what I am looking for. I only want to drop a particular set of severity 1 messages, not all of them.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide