Yes sir, that's exactly what I mean. Thank you very much for the reply. Once I do one of those correctly I should easily be able to figure out the rest. I feel like there is an easy way to do this and I must be missing SOMETHING very basic. If you can point me in the right direction it would be hugely appreciated.

On Thursday, July 10, 2014 11:50:25 AM UTC-4, lennart wrote:
> What do you mean with "I'd like to parse "Lab_Syslog" "Test Device"
> and "Offline" to be able to send an alert"? Do you want to send an
> alert every time a message that includes these three terms appears?
>
> On Thu, Jul 10, 2014 at 3:17 AM, Bjørn Jensen <[email protected]> wrote:
> > Hello all,
> >
> > I've tried searching for somebody with a similar issue but have yet to find
> > it. Let me explain what I'm trying to do and then explain where I'm getting
> > stuck and maybe somebody can help.
> >
> > I'm trying to receive very specific syslog events from hundreds of different
> > SonicWALL routers that have been set to monitor a network device's up/down
> > status and send a Syslog event when an event occurs. An example input
> > event/stream I receive on Graylog2 is:
> >
> > id=Lab_Syslog sn=0017C567CA30 time="2014-07-09 19:41:39" fw=73.179.217.255 pri=1 c=0 m=706 msg="Network Monitor: Host 192.168.12.250 (Policy:TestDevice) is offline" sess=None n=4
> >
> > Using the above as the example, I'd like to parse "Lab_Syslog" "Test Device"
> > and "Offline" to be able to send an alert to a specific email address, or
> > group of email addresses, to alert them of the outage. I managed to do this
> > on Splunk but would rather do it here. I've tested and my email settings
> > are working. I'm getting stuck even setting up a basic rule.
> >
> > When I enter the message ID "Lab_Syslog" and the index "graylog2_0" and
> > click "Load Message" I receive an error stating: "Error Could not load
> > message. Make sure that ID and index are correct." I figured that once I
> > got past that point I'd be able to see if I could somehow parse the
> > information and create the alert I needed above.
> >
> > So, that being said I have two questions:
> >
> > 1.] Is what I'm trying to do even possible?
> > 2.] If so, why am I unable to even create a rule?
> >
> > It's quite possible that I just flat out don't know what I'm doing, I accept
> > that. Any help would be kindly appreciated. Thank you!
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "graylog2" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to [email protected].
> > For more options, visit https://groups.google.com/d/optout.
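
The field extraction the question asks about, sketched in Python as an added example (not part of the thread and not Graylog2 code): it splits the quoted SonicWALL event into key=value fields and pulls the host, policy and state out of `msg`. The function names and the `watch_ids` parameter are hypothetical, and the `msg` pattern is assumed from the single sample event in the post.

```python
import re

# Sample input: the event quoted in the original post.
SAMPLE = ('id=Lab_Syslog sn=0017C567CA30 time="2014-07-09 19:41:39" '
          'fw=73.179.217.255 pri=1 c=0 m=706 '
          'msg="Network Monitor: Host 192.168.12.250 '
          '(Policy:TestDevice) is offline" sess=None n=4')

# key=value pairs; a value is either double-quoted (may contain spaces)
# or a bare token that ends at the next whitespace.
PAIR_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

# Shape of the Network Monitor text inside msg (assumed from the sample).
MONITOR_RE = re.compile(
    r'Network Monitor: Host (?P<host>\S+) '
    r'\(Policy:(?P<policy>[^)]+)\) is (?P<state>\w+)')


def parse_event(line):
    """Split a SonicWALL-style syslog payload into a dict of fields."""
    fields = {}
    for m in PAIR_RE.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def monitor_alert(line, watch_ids=None):
    """Return alert details for an 'offline' monitor event, else None."""
    fields = parse_event(line)
    m = MONITOR_RE.search(fields.get("msg", ""))
    if m is None:
        return None  # not a Network Monitor event
    if watch_ids is not None and fields.get("id") not in watch_ids:
        return None  # event comes from a firewall id we do not watch
    if m.group("state").lower() != "offline":
        return None  # only outages raise an alert
    return {"id": fields.get("id"), "host": m.group("host"),
            "policy": m.group("policy"), "state": "offline",
            "time": fields.get("time")}


if __name__ == "__main__":
    print(monitor_alert(SAMPLE, watch_ids={"Lab_Syslog"}))
```

Matching on the extracted `id`, `policy` and `state` fields rather than on the three words anywhere in the raw message keeps an alert from firing on an unrelated event that happens to contain the same terms.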
