cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
640
Views
5
Helpful
5
Replies
oizetbegovic
Beginner

CW LMS 3.2 event correlation

Hi everyone,

I've got a question regarding CiscoWorks LMS v3.2. It is used as syslog server. Some Cisco network device has multiple metroethernet tunnels configured on it. Those tunnels are flapping multiple times per day. Device is successfully pinged continuously and flapping is not influencing device availability. Those flaps are visible only in device log. I'd like to know if LMS can receive those syslog messages and create an alarm if, for example, 10 flaps occur in 1 hour? 

Any advice is appreciated!

Regards, Omar

5 REPLIES 5
Gaganjeet Chug
Enthusiast

Hi Omar,

Yes, this can be achieved with the help of Automated Action feature of the Syslog.

Requirements :- Device should be able to generate the Syslog message for this event and you should be able to see that message in the Syslog Report for that device.

Kindly refer to the below User Guide for creating an Automated Action that will shoot an email to you the moment it recieve a particular kind of syslog message.

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.3/user/guide/syslog.html#wp1211314

Many Thanks,

Gaganjeet

Hi Gaganjeet,

I'm aware of automated actions but, as far as I know, every time an interesting syslog message comes to LMS email is generated and sent to a user. I'd like to have possibility to send an email after few similar syslog messages are received in specified time. Can this be done?

Regards, Omar

Hi Omar,

That was the only possibilty for the Automated Action. The only thing you can do is to let the AA running at the specific time and for the rest of the keep it in suspended mode.But even in this way during that period when the AA is Active (running), even if the one interesting syslog message recieved, email will be send to the user.

Many Thanks,

Gaganjeet

if you can do basic scripting it should be possible with this procedure:

you can use syslog AA to start a script when the specific message arrives and rise a counter in defined file (or just append a line to the file content). Another script started every x minutes with the system scheduler reads the number in the file (or just counts the number of lines) deletes the content and send an email if the condition is met (n syslog messages within timeframe x).

Hi Martin,

Thanks for the wonderful trick here. I rated it 5.

Many Thanks,

Gaganjeet

Content for Community-Ad