Hi guys,
I'm trying to achieve the following
I created a rule with its first filter matching All levels, followed by another rule matching devices starting "^abc" and then, what I'm trying to do is to filter ASA syslog messages with regex like this
Filter name: Include ASA Failover msg
Filter Field Message Text - Filter Type RegExp
"^%ASA-[0-7]-10(1|4)" "^%ASA-[0-7]-210" "^%ASA-[0-7]-311" "^%ASA-[0-7]-709"
Filter name: Include ASA IP Stack msg
Filter Field Message Text - Filter Type RegExp
"^%ASA-[0-7]-209" "^%ASA-[0-7]-215" "^%ASA-[0-7]-313" "^%ASA-[0-7]-317" "^%ASA-[0-7]-408"
And so and so.
Last rule is the one I'm testing on which is matching msgs code more common
Filter name: Test 2
Filter Field Message Text - Filter Type RegExp
"^%ASA-[0-7]-30(5|7)" "^%ASA-[0-7]-10"
Test2 by itself is working fine, but every time I activate any of the previous ones that are above this one, it stops working. Not getting any message on my Display. Btw, the action on this Rule is forward messages to a particular Display.
I realized that a bad regex filter could stop the syslog console from working.
Any thoughts?
Cheers,
