In case you didn't show us your whole <msgs> section, make sure your match rule is before any other more general match rule (such as the default red/error and yellow/warning rules). I believe the first match wins.
Cheers. D
-----Original Message-----
From: Stewart Larsen [mailto:stl19847 at yahoo.com]
Sent: Thursday, July 12, 2007 11:42 AM
To: hobbit at hswn.dk
Cc: hobbit at hswn.dk
Subject: Re: [hobbit] BBWin and Message problems
Thanks. I've read the manual, but the syntax below does not seem to behave the way I expect.
The first error I get with that EventID triggers an alert. I thought with the syntax given, I would need to see 10 log entries within a 30 minute period before I get an alert.
Is this a bug in BBWin, or am I doing something incorrect here?
Stewart
Hello Stewart,
You can set a counter so you may only receive an alert if several events on the same rule are matched. Default is 0, which means that the first event matched will generate an alert. count must be a positive number. count has no effect on ignore rules.
2007/7/11, Stewart Larsen <stl19847 at yahoo.com>:
Not sure if this is the right place...
I have a particular error in my logs. It's not a real issue unless I see 10 of them in a 30 minute period, so I set up a rule in the msgs section...
<msgs>
    <setting name="summary" value="true" />
    <match logfile="Application" eventid="3317" count="10" delay="30m" />
</msgs>
Is this syntax correct?
The syntax is good, but actually the count option just helps to trigger events that appear often in the last 30 minutes (your delay setting). If count is reached, the msgs agent will still report all of the events because, depending on the rules, events can be different from each other.
If you really don't want the event to be reported, maybe you should ignore it definitively.
Regards,
Etienne GRIGNON
Stewart Larsen