Syslog rule automatically clears alert


I have this rule above and basically the alerting works. Whenever we receive a syslog that matches the pattern, it triggers an alert. But after 5 minutes, it will automatically close it.

How can I create a syslog rule that creates an alert if it sees a syslog.msg containing DOWN, then clears it when it sees “UP”?

I have similar requirements but don’t know how you do it via syslog natively - if you’re not using some sensor/module that is part of the main SNMP monitoring then you don’t have a latching state to work with.

In the Nagios/Centreon world I used passive checks to hold state, and then triggered them from syslog/other external events - but the only way I can see to do it in LibreNMS currently from what I know would be some syslog external hook which can cache some data so a custom service check can make a determination. It’s only a few lines of code, but you’ll have to roll your own with a medium learning curve - I can elaborate if it sounds like something worth it for you.

Syslog - External Hooks

I’d use such a feature if it were native to LibreNMS - i.e. use a syslog trigger/API/webhook etc. to change a service state.

You could use Graylog to manage the event/alert states, but that’s a fair amount of complexity to achieve it I’ll admit. I allude to some of this here: BPDU Spanning Tree alerts - #2 by rhinoau
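
A sketch of the hook-plus-service-check approach described in this thread, as an added example that is not part of the original posts and is not LibreNMS code. The state directory, the function names and the way the hook receives the device name and message are assumptions; the check side follows the Nagios plugin exit-code convention (0 = OK, 2 = CRITICAL, 3 = UNKNOWN).

```shell
#!/bin/sh
# Added example: latch a DOWN/UP state from syslog and expose it to a service check.
# STATE_DIR and all function names are hypothetical; sample messages are constructed.
STATE_DIR="${STATE_DIR:-/var/lib/syslog-latch}"

# Map a device name to a state file. Anything outside [A-Za-z0-9._-] becomes "_",
# so a hostile or malformed hostname in a syslog packet cannot escape STATE_DIR.
state_file() {
    safe=$(printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_')
    printf '%s/%s.state' "$STATE_DIR" "$safe"
}

# Hook side: <device> <syslog message>. Substring match as in the question;
# tighten the patterns if your messages can contain both words (e.g. "UPDOWN").
latch_from_syslog() {
    device=$1; msg=$2
    case "$msg" in
        *DOWN*) new=DOWN ;;
        *UP*)   new=UP ;;
        *)      return 0 ;;          # unrelated message: keep the latched state
    esac
    mkdir -p "$STATE_DIR" || return 1
    f=$(state_file "$device")
    # Write then rename, so the check never reads a half-written file.
    printf '%s %s\n' "$new" "$msg" > "$f.tmp" && mv "$f.tmp" "$f"
}

# Check side: stays CRITICAL until an UP message arrives, with no timeout.
check_latch() {
    f=$(state_file "$1")
    [ -r "$f" ] || { echo "OK - no state latched for $1"; return 0; }
    read -r state detail < "$f"
    case "$state" in
        DOWN) echo "CRITICAL - $detail"; return 2 ;;
        UP)   echo "OK - $detail"; return 0 ;;
        *)    echo "UNKNOWN - unreadable state file"; return 3 ;;
    esac
}

# Usage: script hook <device> <msg>   |   script check <device>
case "${1:-}" in
    hook)  latch_from_syslog "$2" "$3" ;;
    check) check_latch "$2" ;;
esac
```

The state directory should be writable only by the account that runs the hook, since anything that can write there can set or clear the alert.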
