I've got a question regarding CiscoWorks LMS v3.2. It is used as syslog server. Some Cisco network device has multiple metroethernet tunnels configured on it. Those tunnels are flapping multiple times per day. Device is successfully pinged continuously and flapping is not influencing device availability. Those flaps are visible only in device log. I'd like to know if LMS can receive those syslog messages and create an alarm if, for example, 10 flaps occur in 1 hour?
Any advice is appreciated!
Yes, this can be achieved with the help of Automated Action feature of the Syslog.
Requirements :- Device should be able to generate the Syslog message for this event and you should be able to see that message in the Syslog Report for that device.
Kindly refer to the below User Guide for creating an Automated Action that will shoot an email to you the moment it recieve a particular kind of syslog message.
I'm aware of automated actions but, as far as I know, every time an interesting syslog message comes to LMS email is generated and sent to a user. I'd like to have possibility to send an email after few similar syslog messages are received in specified time. Can this be done?
That was the only possibilty for the Automated Action. The only thing you can do is to let the AA running at the specific time and for the rest of the keep it in suspended mode.But even in this way during that period when the AA is Active (running), even if the one interesting syslog message recieved, email will be send to the user.
if you can do basic scripting it should be possible with this procedure:
you can use syslog AA to start a script when the specific message arrives and rise a counter in defined file (or just append a line to the file content). Another script started every x minutes with the system scheduler reads the number in the file (or just counts the number of lines) deletes the content and send an email if the condition is met (n syslog messages within timeframe x).