My Scenario/Environment is like this.

1. Working librenms (110+ devices mostly cisco switches being polled) - with syslog-ng integration
2. Cisco switch to send devices log (level:5) to librenms syslog, logs all works
3. Alert Rules for Authentication Failed using syslog.msg regex .Login Authentication Failed. with macros.past_5m
4. Email Templates attached to the Alert Rules
5. Testing by telnet with wrong username/password to the switch will trigger notification to webgui and email send to admins, all working fine.

My Question are

After several “Login Authentication Failed” generated in the db and if i put below syntax in the template

@if ($alert->faults) 
Faults: @foreach ($alert->faults as $key => $value)  #{{ $key }}: {{ $value['msg'] }} @endforeach  
@endif 

@if ($alert->faults) 
Faults: @foreach ($alert->faults as $key => $value)  #{{ $key }}: {{ $value['string'] }} @endforeach  
@endif 

the Content of the Email will includes every alert incidents for that device in the syslog db

 Faults:
   #1: sysObjectID = .1.3.6.1.4.1.9.1.797; sysDescr = Cisco IOS Software,
C3560 Software (C3560-IPBASE-M), Version 12.2(50)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 28-Sep-10 13:21 by prod_rel_team; msg = Login failed [user: ]
[Source: 10.13.21.78] [localport: 23] [Reason: Login Authentication Failed]
at 10:31:04 GMT+8 Mon Mar 1 1993; 

   #2: sysObjectID = .1.3.6.1.4.1.9.1.797; sysDescr = Cisco IOS Software,
C3560 Software (C3560-IPBASE-M), Version 12.2(50)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 28-Sep-10 13:21 by prod_rel_team; msg = Login failed [user: ]
[Source: 10.13.21.78] [localport: 23] [Reason: Login Authentication Failed]
at 10:35:13 GMT+8 Mon Mar 1 1993; 

   #3: sysObjectID = .1.3.6.1.4.1.9.1.797; sysDescr = Cisco IOS Software,
C3560 Software (C3560-IPBASE-M), Version 12.2(50)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 28-Sep-10 13:21 by prod_rel_team; msg = Login failed [user: ]
[Source: 10.13.21.78] [localport: 23] [Reason: Login Authentication Failed]
at 03:14:24 GMT+8 Tue Mar 2 1993; 

   #4: sysObjectID = .1.3.6.1.4.1.9.1.797; sysDescr = Cisco IOS Software,
C3560 Software (C3560-IPBASE-M), Version 12.2(50)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 28-Sep-10 13:21 by prod_rel_team; msg = Login failed [user: ]
[Source: 10.13.21.78] [localport: 23] [Reason: Login Authentication Failed]
at 03:36:17 GMT+8 Tue Mar 2 1993; 

How do i syntax, so that it only includes the latest string / msg for that particular alert only?

{{ $alert->hostname }} does not seem to work for alert originated from syslog db, i only able to return {{ $alert->device_id }}

any workaround for this if i need to include a hostname inside the email? I don’t have the same issue for other non-syslog alert.

• The output of ./validate.php

[root@nms librenms]# ./validate.php

====================================

[OK] Composer Version: 1.8.0
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct

after spending about 4 hours to solve this… i found out how to do it. according to

we just need to add

@foreach ($alert->faults as $key => $value) @if($loop->last) #{{ $key }} : {{ $value[‘string’] }} @endif

to only return the last “iteration”

and the issue with no hostname is because i have several pollers, which i forgot to force ip to hostname in their config.php