i have a question in regards to the Event Console Rule Pack processing.
We have rolled out the Logwatch Plugin, with Logwatch Event forwarding and we are generating some Events, which are set in Event Console to CRIT.
We also have configured the Cancel Event clearing, once the proper pattern has been found in the same logfile.
Currently, there are 4-5 different pattern we want to match, which can be cancelled with the same “clearing text”.
Every Rule in this pack has the same clearing text to cancel the event.
But i have noticed, that when Events are generated, only the Rule 0 is working with clearing.
All other Rules are not doing anything.
My Suggestion was, that the clearing pattern should also clear those Events, based on those Rules.
Every Rule of this Pack is configured like this: (of course with different “Text to Match”)
Today i tried to breake down the Rule Pack a bit and moved all Rules in a single Rule Pack, expecting, that i will have the proper clearing then…
Unfortunately not. Its also not working with this setup.
There are Options in a Rule under Rule Type to “skip current rule pack and proceed with next one” … but this is also not helping in combination with additional rule packs.
And on top, from wording, it wouldnt make sense at atll. But it was a try.
I really appreciate any help or suggestions on that topic.
How is it possible to have ONE Rule pack with at least 4-5 rules where i have different Pattern to match, with the SAME clearing/canncelation text.
There is a DB which is producing those CRIT Pattern, but ONE canncel text should clear ALL of those Events.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.
