Create correlated alert from Cisco router message
When I see this message:
IP-EIGRP(0) 17231: Neighbor 184.108.40.206 (Tunnel51) is down: holding time expired
IP-EIGRP(0) 17231: Neighbor 220.127.116.11 (Tunnel51) is up: new adjacency
does not appear within 2 minutes - I want to generate an alert.
I can't even get the first circuit to fire - i.e. just alert if it sees the first message.
I'm not sure what to put in the filter:
In the report for the same thing this works fine:
Message LIKE '%Neighbor%% is down%'
But this doesn't work in the alert.
Do I use regex?
In events message view the following regex works: Neighbor*.* down
but it doesn't appear to work in an alert.
Thanks in anticipation
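
The correlation described in the post above (an "is down" message with no matching "is up" within 2 minutes), written out as stand-alone detection logic. This is an added example, not part of the original post and not the alerting product's own filter syntax. The leading timestamp and hostname, the function name, and the sample lines are constructed assumptions; events are paired on AS number and interface.

```python
import re
from datetime import datetime, timedelta

# Matches the EIGRP neighbor messages quoted in the post. The leading ISO
# timestamp and hostname are an assumed storage format, not from the post.
EIGRP_RE = re.compile(
    r"^(?P<ts>\S+) .*?IP-EIGRP\(\d+\) (?P<asn>\d+): Neighbor (?P<nbr>\S+) "
    r"\((?P<ifc>[^)]+)\) is (?P<state>down|up)\b"
)

# Constructed sample events (documentation addresses, made-up hostname).
SAMPLE = [
    "2024-01-01T10:00:00 rtr1 IP-EIGRP(0) 17231: Neighbor 192.0.2.1 (Tunnel51) is down: holding time expired",
    "2024-01-01T10:00:40 rtr1 IP-EIGRP(0) 17231: Neighbor 192.0.2.1 (Tunnel51) is up: new adjacency",
    "2024-01-01T10:05:00 rtr1 IP-EIGRP(0) 17231: Neighbor 192.0.2.9 (Tunnel52) is down: holding time expired",
    "2024-01-01T10:09:00 rtr1 IP-EIGRP(0) 17231: Neighbor 192.0.2.9 (Tunnel52) is up: new adjacency",
    "2024-01-01T10:10:00 rtr1 IP-EIGRP(0) 17231: Neighbor 192.0.2.5 (Tunnel53) is down: holding time expired",
    "2024-01-01T10:13:00 rtr1 %SYS-5-CONFIG_I: Configured from console",
]

def unrecovered_downs(lines, now, window=timedelta(minutes=2)):
    """Return (down_time, as, interface, neighbor) for each 'is down' event
    with no 'is up' on the same AS/interface within `window`."""
    pending = {}   # (asn, interface) -> (time of first down, neighbor)
    alerts = []
    for line in lines:
        m = EIGRP_RE.match(line)
        if not m:
            continue                      # unrelated syslog message
        ts = datetime.fromisoformat(m["ts"])
        key = (m["asn"], m["ifc"])
        if m["state"] == "down":
            pending.setdefault(key, (ts, m["nbr"]))   # keep the first down
        elif key in pending:
            down_ts, nbr = pending.pop(key)
            if ts - down_ts > window:     # recovery arrived, but too late
                alerts.append((down_ts, *key, nbr))
    for key, (down_ts, nbr) in pending.items():
        if now - down_ts > window:        # still down at evaluation time
            alerts.append((down_ts, *key, nbr))
    return sorted(alerts)
```

The first stage on its own (alert on any "is down") corresponds to the `state == "down"` branch; the pending table is what adds the 2-minute recovery condition.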