Hello all, I've tried searching for somebody with a similar issue but have yet to find it. Let me explain what I'm trying to do and then explain where I'm getting stuck and maybe somebody can help.
I'm trying to receive very specific syslog events from hundreds of different SonicWALL routers that have been set to monitor a network device's up/down status and send a syslog event when an event occurs. An example input event/stream I receive on Graylog2 is:

id=*Lab_Syslog* sn=0017C567CA30 time="2014-07-09 19:41:39" fw=73.179.217.255 pri=1 c=0 m=706 msg="Network Monitor: Host 192.168.12.250 (Policy:*TestDevice*) is *offline*" sess=None n=4

Using the above as the example, I'd like to parse "*Lab_Syslog*", "*Test Device*" and "*Offline*" to be able to send an alert to a specific email address, or group of email addresses, to alert them of the outage. I managed to do this on Splunk but would rather do it here. I've tested and my email settings are working.

I'm getting stuck even setting up a basic rule. When I enter the message ID "Lab_Syslog" and the index "graylog2_0" and click "Load Message" I receive an error stating: "Error Could not load message. Make sure that ID and index are correct." I figured that once I got past that point I'd be able to see if I could somehow parse the information and create the alert I needed above.

So, that being said, I have two questions:
1.] Is what I'm trying to do even possible?
2.] If so, why am I unable to even create a rule?

It's quite possible that I just flat out don't know what I'm doing, I accept that. Any help would be kindly appreciated. Thank you!

--
You received this message because you are subscribed to the Google Groups "graylog2" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
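As an added illustration (not from the original post or from Graylog), the parsing the question asks for, applied to a constructed copy of the quoted SonicWALL event: one regular expression splits the key=value fields (quoted values may contain spaces), a second one pulls the host, policy and status out of the Network Monitor msg, and a hypothetical (id, policy) routing table decides who is notified. The two patterns are the ones you would carry over into a Graylog extractor or stream rule; the routing table and addresses are assumptions made up for the example.

```python
import re

# Constructed sample, modelled on the SonicWALL Network Monitor event quoted in the post
SAMPLE = ('id=Lab_Syslog sn=0017C567CA30 time="2014-07-09 19:41:39" fw=73.179.217.255 '
          'pri=1 c=0 m=706 msg="Network Monitor: Host 192.168.12.250 (Policy:TestDevice) '
          'is offline" sess=None n=4')

# key=value pairs; a value is either "double quoted" (may contain spaces) or a bare token
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# The text inside msg= for a Network Monitor event (m=706 in the sample)
_NETMON_RE = re.compile(
    r'^Network Monitor: Host (?P<host>\S+) \(Policy:(?P<policy>[^)]*)\) is (?P<status>\S+)$'
)


def parse_sonicwall(line):
    """Split a SonicWALL syslog line into a dict of its key=value fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV_RE.finditer(line)}


def network_monitor_event(line):
    """Return {id, host, policy, status} for a Network Monitor event, else None."""
    fields = parse_sonicwall(line)
    m = _NETMON_RE.match(fields.get("msg", ""))
    if not m:
        return None
    return {"id": fields.get("id"), "host": m.group("host"),
            "policy": m.group("policy"), "status": m.group("status").lower()}


# Hypothetical routing table, (syslog id, policy) -> recipients; constructed for the example
ROUTES = {("Lab_Syslog", "TestDevice"): ["lab-oncall@example.invalid"]}


def recipients_for(line, routes=ROUTES):
    """Return the addresses to notify when the line reports a monitored host offline."""
    ev = network_monitor_event(line)
    if ev is None or ev["status"] != "offline":
        return []          # not a Network Monitor event, or the host came back up
    return routes.get((ev["id"], ev["policy"]), [])


if __name__ == "__main__":
    print(network_monitor_event(SAMPLE))
    print(recipients_for(SAMPLE))
```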
