Does anyone have a Syslog Server that will remove or drop duplicate messages for several hours or even alerting once a day.
Here is why....
We have the SolarWinds Syslog Server send Email and Text Messages for all our Cisco devices. This works great for alerting us of issues. We filter the messages on the devices by using severity and logging discriminator.
IE. logging discriminator LINKCHG mnemonics drops UPDOWN|ILPOWER|CONFIG_I
But... there are several times that we get bombarded by syslog message every 5 mins for messages that we don't want to filter out because they are helpful.
I have deployed Opensource syslog server (syslog-ng or greylog) collect al the logs, and i have scrpt run every 5min(that is my requirement) compare with last status with current status and send email or alert only if the event is new.
I know solarwinds dont have ability may be have some program level, not looked depth this will cover.
Thanks.... I was coming to the same conclusion that I needed to script something. What program/language did you write the script in. I would be willing to do this.... so if you were willing to share the script I would give it a try.
happy to help you, ( i use perl/bash/Python depends on environment).
I wont be able to share some scripts which are related to organization intellectual. (sorry about this)
But if you like i can help you.