Cisco Prime LMS 4.2.2 syslog filter syntax?

dfaught
Level 1

I am running the software appliance version of Cisco Prime LMS 4.2.2.  I have a syslog Automated Action that sends out an email notification for any severity 0, 1, or 2 messages.  Recently I found out that when a Cisco 2960 crashes, it logs 35 messages that form a report, all at severity 1.  I want to get 1 email for this and not 35.  My first thought is to use a syslog filter to drop most of the messages except for 1.  It looks like the definition of a syslog filter has some regular expression capability that would help in this case, but I can't find a description of it anywhere.  What is the syntax of the regular expression capability of a syslog filter???

Thanks for any help.

Dave

2 Replies

AFROJ AHMAD
Cisco Employee

Hi Dave,

If your need is to get notifications for only SEV 1 messages, then you can create a filter for it and drop all the rest.

Go to

Admin > Network > Notification and Action Settings > Syslog Message Filters.

Attached is a screenshot for the same. You can further specify the mnemonics and facility as well if you want; otherwise SEV is fine.

Hope this will help you.

Thanks-

Afroz

[Do rate the useful post]

Hi Afroz,

Thank you for your response, but what you described is not what I am looking for.  I only want to drop a particular set of severity 1 messages, not all of them.
