cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Threshold Condition for DRS Backup status

Nicole_Clinard
05 Base Camper
‎04-29-2017 03:49 AM
‎04-29-2017 03:49 AM

Threshold Condition for DRS Backup status

CUCM, CUC and UCCX report DRS backup status via syslog. I've setup Syslog for these servers to send alerts to Prognosis, and I'm receiving messages when a backup fails which show up in the Syslog displays. However, I need to generate a Prognosis alert through a Threshold Condition when DRS failures occur. I cannot find a threshold condition to modify under the Cisco Thresholds or Syslog Thresholds. I'm not sure where to find the right fields to create a threshold condition either. Is it possible to create a customer threshold condition to capture sylog messages about DRS backup status?
Add categories:
0 Likes
Reply
7 REPLIES 7
Shoaib_Dilawar
12 Sherpa
‎04-29-2017 05:51 AM
‎04-29-2017 05:51 AM

Re: Threshold Condition for DRS Backup status

Hi Nicole,

you can use existing syslog threshold or add a new one based off 'Syslog' record. You can where-clause on type or message text, typically 'Message1 Contains "mytext"

Here is a screenshot of where you can find it:

syslog.png


If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib
0 Likes
Reply
Nicole_Clinard
05 Base Camper
‎04-29-2017 06:27 AM
‎04-29-2017 06:27 AM

Re: Threshold Condition for DRS Backup status

Ahh, ok, so basically I can use the Message fields to match any text I want. I did not realize that. I'll try that, thanks!
0 Likes
Reply
Shoaib_Dilawar
12 Sherpa
‎05-02-2017 12:30 AM
‎05-02-2017 12:30 AM

Re: Threshold Condition for DRS Backup status

Let us know how you go. You also have flexibility of using regex for wider matching, such as:
MESSAGE1 MATCHES REGEX "my\s+text.*down"

If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib
0 Likes
Reply
Nicole_Clinard
05 Base Camper
‎05-03-2017 04:42 AM
‎05-03-2017 04:42 AM

Re: Threshold Condition for DRS Backup status

The text I'm looking for is "DRF Backup or Restore process has failed". I want an exact match on that for this alert. Should my where clause then be:
MESSAGE1 CONTAINS "DRF Backup or Restore process has failed" or is it better to match a regular expression? Do I need to include "CFAC EMPTY" for all syslog related threshold conditions? I should also note that the alert could come from a few different of servers.
0 Likes
Reply
Shoaib_Dilawar
12 Sherpa
‎05-03-2017 05:37 AM
‎05-03-2017 05:37 AM

Re: Threshold Condition for DRS Backup status

Nicole,

MESSAGE1 CONTAINS "DRF Backup or Restore process has failed" should be enough to raise an alert for any incoming message, regardless of what server it is coming from. If CFAC field is showing EMPTY, you don't have to include in the where-clause. For this simple text matching, we don't have to use regex match.

Moreover, you have further options in the threshold's Message Destination to provide custom text that contains mix of static text and fields from the record. If it works, let us know.

If my reply answered your question please click on the 'Accept as Solution' button to help others find the answer.
Thanks,
Shoaib
0 Likes
Reply
Nicole_Clinard
05 Base Camper
‎07-08-2017 04:52 AM
‎07-08-2017 04:52 AM

Re: Threshold Condition for DRS Backup status

I setup the syslog threshold condition as recommended in this thread, and waiting for a DRF failure event. When I got one I did not see an alert generate. I saw the DRF failure In the syslog history within Prognosis Monitor View Systems - just no alert generated. I did some more reading and I believe what might be more befitting of my goal is creating a customer threshold condition under Vendor Alerts (and setup RTMT) rather than using Syslog. I'll setup my custom threshold condition there, and see what I get.
0 Likes
Reply
Anon
Community Manager
Community Manager
‎07-14-2017 10:59 AM
‎07-14-2017 10:59 AM

Re: Threshold Condition for DRS Backup status

Nicole Clinard said
I setup the syslog threshold condition as recommended in this thread, and waiting for a DRF failure event. When I got one I did not see an alert generate. I saw the DRF failure In the syslog history within Prognosis Monitor View Systems - just no alert generated. I did some more reading and I believe what might be more befitting of my goal is creating a customer threshold condition under Vendor Alerts (and setup RTMT) rather than using Syslog. I'll setup my custom threshold condition there, and see what I get.  


Hi Nicole,
How did you go with your custom threshold?
0 Likes
Reply

IR Forums

 General Collaborate Transact & Infrastructure COVID-19 Updates IR Connect