Hello,
I'm working on a solution on alerting on interface flaps and getting tripped up at the final point! Can anyone assist with the following:
- Interface on xyz device flaps, going down and up within seconds and so being missed by a poll.
- Device sends a syslog to NPM
- An advanced SQL alert is configured based on here Re: Alert / Event from Syslog or Trap (thanks RichardLetts) which returns any node that generated the syslog in the last minute
So far so good!
What I need to do now is, and where I am struggling:
- I need to identify the INTERFACE in question (this is contained in the syslog message - surrounded by other text)
- I will then evaluate against this list for the TRUE value of a custom property to deiced the severity if said interface
- The alert will only trigger for interfaces that have the custom property set
I realise that I could list the criteria in the syslog viewer, however the list of interfaces is long and changing, so not really a scalable solution.
Appreciate any help
Stuart