Hi all,
I am currently working on creating an alert to notify if the status of a switch is disabled for more than 10 min. A common scenario is that switches disconnect for a min and are then back to running; we would only like to target the ones whose status remains disconnected for more than 10 min.
Below is the sample log:
Apr 18 07:46:25 hostname tag=abc CEF:0Agent status changed|Status of agent "name" at IP "ip address" (id=10,0) changed from running to disabled
Apr 11 07:50:10 hostname tag=abc CEF:0Agent status changed|Status of agent "name" at IP "ip address" (id=10,0) changed from disabled to Running
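The condition described in the post, as an added example that is not part of the original post: it pairs each "to disabled" transition with the next status change for the same agent and reports only outages longer than 10 minutes, including agents that never came back. The agent names, IP addresses, the year and the evaluation time `now` are constructed assumptions; the line layout follows the sample log above.

```python
import re
from datetime import datetime, timedelta

# Pattern follows the message layout of the sample lines in the post.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ .*?'
    r'Status of agent "(?P<agent>[^"]*)" at IP "(?P<ip>[^"]*)" '
    r'\(id=(?P<id>[^)]*)\) changed from \w+ to (?P<new>\w+)\s*$')

# Constructed sample input (hypothetical agent names, documentation IPs).
PFX = "host1 tag=abc CEF:0Agent status changed|Status of agent"
SAMPLE_LINES = [
    f'Apr 18 07:46:25 {PFX} "sw-a" at IP "192.0.2.10" (id=10,0) changed from running to disabled',
    f'Apr 18 07:47:10 {PFX} "sw-a" at IP "192.0.2.10" (id=10,0) changed from disabled to Running',
    f'Apr 18 07:50:00 {PFX} "sw-b" at IP "192.0.2.11" (id=11,0) changed from running to disabled',
    f'Apr 18 08:00:00 {PFX} "sw-c" at IP "192.0.2.12" (id=12,0) changed from running to disabled',
    f'Apr 18 08:05:30 {PFX} "sw-b" at IP "192.0.2.11" (id=11,0) changed from disabled to running',
    f'Apr 18 08:15:00 {PFX} "sw-d" at IP "192.0.2.13" (id=13,0) changed from running to disabled',
]

def find_long_disabled(lines, now, year, threshold=timedelta(minutes=10)):
    """Return (agent, ip, disabled_at, recovered_at) for every outage longer
    than threshold; recovered_at is None if the agent is still disabled."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # syslog timestamps carry no year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, (m["agent"], m["ip"], m["id"]), m["new"].lower()))
    open_since, alerts = {}, []
    for ts, key, new in sorted(events):
        if new == "disabled":
            open_since.setdefault(key, ts)      # keep the first disable time
        elif key in open_since:                 # any other state ends the outage
            start = open_since.pop(key)
            if ts - start > threshold:
                alerts.append((key[0], key[1], start, ts))
    for key, start in open_since.items():       # still disabled at evaluation time
        if now - start > threshold:
            alerts.append((key[0], key[1], start, None))
    return alerts

if __name__ == "__main__":
    for alert in find_long_disabled(SAMPLE_LINES, datetime(2024, 4, 18, 8, 20), 2024):
        print(alert)
```

The state comparison is case-insensitive because the sample log writes both "running" and "Running".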