Tried that. Still not working. Also tried to run the script manually from a command line and that works fine.

Here's one that works for me. I had to add the specific path for the script because it didn't work with a path variable when called from CW2k:

perl d:\progra~1\cscopx\cgi-bin\sysloga\sampleEmailScript.pl -text_message Test -email_ids xxx@x.x,xxx@x.x -subject "testing" -from cwks@xxx.com -sender cwks@xxx.com -smtp x.x.x.x

I also had to add the "-sender" field because qmail refused to forward, and bounced it, without it...our email police said something about rfc compliance.

I'm also using RME 3.4. While none of this may help you, I thought showing one that "does" work might.

Try something besides perl to eliminate that first. Try a script/batch file that creates a file or "dir > c:\test.txt".

If you find the file, you know the event is being triggered, and you can work on the balance of the problem (perl script, pathing, etc).

I'm assuming you can see the events you are trying to trigger on coming in to CW2k and the \CSCOpx\log\syslog.log log file, right?

I did try to run a batch file, but nothing happens. The syslog.log file is updated with the correct events.

As far as I can see, the problem is the trigger/filter. I have also tried to disable and enable the actions, and restarted the sysloganalyzer.

In addtion to being in the syslog.log, is there an entry in RME syslog analyzer for that device/message?

Resource Manager Essentials->Syslog Analysis->Standard Reports

select device you are getting messages from, and generate the report. Does the syslog message show up in that report?

Yes, everything seems normal except that the action is not triggered.

Tommy

Thanks!

Yes, I use w2k. Do you have more information about this? Do you have a example of something that does work?

Regards

Tommy

Here's 3 that work for me. Two for catalyst, one for websense not responding to pix.

SYS-*-3-PORT_COLLDIS-*

MGMT-*-5-PORT_ERRDISABLE-*

PIX-*-3-304006-*