Uploaded image for project: 'Observium'
  1. Observium
  2. OBS-2457

correlation of syslog message alert emails

Details

    • New Feature
    • Resolution: Unresolved
    • Minor
    • None
    • Professional Edition
    • Alerting

    Description

      Hello,

      we have configured a syslog-rule matching on prefix-limit messages. This rule is associated to an email contact.

      Our problem is that if a bgp prefix-limit exceeds on the router, this message might occur a 100 times per hour, each syslog generating an email. As far as I can see this behavior can't be changed on the router itself.

      Is it possible to correlate these emails. A possible solution could be to alert the first occurance of the syslog message and then only send correlated emails every n minutes for syslog messages matching the same rule and originated from the same router saying something like "The last event occured n times the last 30 minutes".

      In our case the syslog messages are not exactly the same, each message differs at a specific point, which might also be the reason why they are generated that often.

       

      Best regards

      Joerg

      Attachments

        Issue Links

          clones

          Improvement - An improvement or enhancement to an existing feature or task. OBS-2483 Syslog Alerts Improvements

          • Major - Major loss of function.
          • In Review
          is mentioned by

          Improvement - An improvement or enhancement to an existing feature or task. OBS-2483 Syslog Alerts Improvements

          • Major - Major loss of function.
          • In Review

          Activity

            [OBS-2457] correlation of syslog message alert emails
            veldenb Bernard van der Velden added a comment -

            I agree, we have some rules that may occur 30 times a minute. One alert every hour would be sufficient for notification.

            veldenb Bernard van der Velden added a comment - I agree, we have some rules that may occur 30 times a minute. One alert every hour would be sufficient for notification.
            Gav Jar On added a comment -

            Bump... it wuld be nice to integrate this to observium. We have "flapping" rule and this msg is in log (and alert) every two minutes.

             

            Gav Jar On added a comment - Bump... it wuld be nice to integrate this to observium. We have "flapping" rule and this msg is in log (and alert) every two minutes.  

            People

              landy Mike Stupalov
              jok Joerg Krohn
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: