When I see this message:
IP-EIGRP(0) 17231: Neighbor 22.214.171.124 (Tunnel51) is down: holding time expired
IP-EIGRP(0) 17231: Neighbor 126.96.36.199 (Tunnel51) is up: new adjacency
does not appear within 2 minutes - I want to generate an alert.
i can't even get the first circuit to fire - ie just alert if it sees the first message.
I'm not sure what to put in the filter:
In the report for the same thing this works fine:
Message LIKE '%Neighbor%% is down%'
But this doesn't work in the alert.
Do I use regex?
In events message view the following regex works: Neighbor*.* down
but it doesn't appear to work in an alert
Thanks in anticipation