Hy.

Since months we have a problem with our Syslog AA. We're not receiving any E-Mail that should be send as a reaction to received syslog messages.

The Syslog Collector is correctly subscribed and resubscription doesn't fix our problem as well as restarting both processes (Collector and Analyser).

By using logview at syslog.log I can see that there are permanently messages received and written into the file syslog.log. In Syslog Reports messages can be identified that should have triggered an E-Mail, but no E-Mail was received.

The mailserver itself might not be the problem, because we are still receiving E-Mail for Job Status reports.

The filter.dat file looks like this:

Filters for the server: de0-cwge
Mode: DROP
Filter expressions:
^((\S+);;;(PIX)(-(\S+))?-(6)(-(302002\s*))\s*:\s*.*)$
^((\S+);;;(PIX)(-(\S+))?-(6)(-(302001\s*))\s*:\s*.*)$
^((\S+);;;(PIX)(-(\S+))?-(6)(-(304001\s*))\s*:\s*.*)$
^((\S+);;;(FW)(-(\S+))?-(6)(-(SESS_AUDIT_TRAIL\s*))\s*:\s*.*)$
^((\S+);;;(\S+)(-(\S+))?-(7)(-(.*\s*))?\s*:\s*.*)$
^((\S+);;;(LINK)(-(\S+))?-(3)(-(UPDOWN\s*))\s*:\s*.*)$
^((\S+);;;(LINEPROTO)(-(\S+))?-(5)(-(UPDOWN\s*))\s*:\s*.*)$
^((\S+);;;(LINK)(-(\S+))?-(5)(-(CHANGED\s*))\s*:\s*.*)$
^((\S+);;;(LINK)(-(\S+))?-(5)(-(UPDOWN\s*))\s*:\s*.*)$
...................

So this also doesn't seem to be the cause.

Can anybody please help me to find a solution for this?

Many thanks in advance!

cheers

Marc