Uploaded image for project: 'Observium'
  1. Observium
  2. OBS-2457

correlation of syslog message alert emails

Details

    • New Feature
    • Resolution: Unresolved
    • Minor
    • None
    • Professional Edition
    • Alerting

    Description

      Hello,

      we have configured a syslog-rule matching on prefix-limit messages. This rule is associated to an email contact.

      Our problem is that if a bgp prefix-limit exceeds on the router, this message might occur a 100 times per hour, each syslog generating an email. As far as I can see this behavior can't be changed on the router itself.

      Is it possible to correlate these emails. A possible solution could be to alert the first occurance of the syslog message and then only send correlated emails every n minutes for syslog messages matching the same rule and originated from the same router saying something like "The last event occured n times the last 30 minutes".

      In our case the syslog messages are not exactly the same, each message differs at a specific point, which might also be the reason why they are generated that often.

       

      Best regards

      Joerg

      Attachments

        Issue Links

          Activity

            [OBS-2457] correlation of syslog message alert emails

            I agree, we have some rules that may occur 30 times a minute. One alert every hour would be sufficient for notification.

            veldenb Bernard van der Velden added a comment - I agree, we have some rules that may occur 30 times a minute. One alert every hour would be sufficient for notification.
            landy Mike Stupalov made changes -
            Status Original: Open [ 1 ] New: In Review [ 10101 ]
            landy Mike Stupalov made changes -
            Assignee Original: Adam Armstrong [ adama ] New: Mike Stupalov [ landy ]
            adama Adam Armstrong made changes -
            Link New: This issue clones OBS-2483 [ OBS-2483 ]
            jok Joerg Krohn made changes -
            Link New: This issue is mentioned by OBS-2483 [ OBS-2483 ]
            Gav Jar On added a comment -

            Bump... it wuld be nice to integrate this to observium. We have "flapping" rule and this msg is in log (and alert) every two minutes.

             

            Gav Jar On added a comment - Bump... it wuld be nice to integrate this to observium. We have "flapping" rule and this msg is in log (and alert) every two minutes.  
            jok Joerg Krohn created issue -

            People

              landy Mike Stupalov
              jok Joerg Krohn
              Votes:
              3 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: