Hello All, It would be very appreciate if you would help me to get through the below scenario.
1. I have the following message from the alarm file as active alarm raise event: 2015 Mar 16 19:08:57 ALARM RAISE SP=70377 MO=/CLA-0/FSClusterNTPServer/NTPMonitor AP=/CLA-0/FSClusterNTPServer/NTPMonitor SE=2 IINFO="Clock Sync" NINFO="sysPeer not chosen " TIME=1426504137696 UTCSHIFT=480 2. I have one more log called syslog which also contains the info related to these alarm raise event. Mar 16 19:08:57.696843 warn CLA-0 NTPMonitor[3561]: NTPMonitorTask executeCB(): sysPeer not chosen for 40 times Reporting Critical Out of Sync Alarm Mar 16 19:08:57.697347 info CLA-0 NTPMonitor[3561]: ALARM RAISE SP=70377 MO=/CLA-0/FSClusterNTPServer/NTPMonitor AP=/CLA-0/FSClusterNTPServer/NTPMonitor SE=2 IINFO="Clock Sync" NINFO="sysPeer not chosen " TIME=1426504137696 UTCSHIFT=480 3. I need to correlate the alarm raise event in alarm file to the syslog "NTP Monitor" info along with the same alarm in syslog file around the same time stamps. Our way of idea/implementation is if EVENT-1 occurs in alarm EVENT-2 will follow in the syslog. So joining of these two events as One Correlation Rule for monitoring. Please provide us about your valuable references and examples in doing the same :) . Thanks & Regards, Karthik
------------------------------------------------------------------------------
_______________________________________________ Simple-evcorr-users mailing list Simple-evcorr-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
