Hello,
I’ve previously had a very simple regex list configured for Cisco ASA devices to deliver email alerts on routing changes in our network, which was configured thus:-
filter f_sev1 { match("%ASA-3-622001"); };
…which works just fine. Wanting to expand this list a bit, and aware that scaling regex matching up is going to incur performance issues, I’ve thought that an “in-list” expression file might have been a better approach, and as such have configured the following:-
filter f_sev1 { in-list("/etc/syslog-ng/email-match-list.list", value("PROGRAM")); };
…where “PROGRAM” is (I believe) the applicable part of the code that matches to the Cisco "%ASA-3-622001" part of the message. The whitelist has the following entries (as an example):-
%DUAL-5-NBRCHANGE
%ASA-3-622001
%SPANTREE-5-TOPOTRAP
%SPANTREE-5-ROOTCHANGE
%ASA-5-111010
I am not getting any matches here, however. What am I missing?
Thanks very much in advance,
Damian
Damian Bell, Infrastructure Engineer | Support | H Clarkson & Co Ltd
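An added diagnostic sketch, not part of the original post and not syslog-ng code: it assumes `in-list()` compares the whole value of the chosen field against each line of the file for string equality, and shows which constructed field values would then match the list above and which would narrowly miss. The function names, the candidate values and the mnemonic regex are all hypothetical.

```python
import re

# Cisco-style mnemonic such as %ASA-3-622001 (facility-severity-mnemonic).
MNEMONIC = re.compile(r"%[A-Z0-9_]+-[0-7]-[A-Z0-9_]+")

# Constructed copy of the list file from the post, one entry per line.
LIST_TEXT = ("%DUAL-5-NBRCHANGE\n%ASA-3-622001\n%SPANTREE-5-TOPOTRAP\n"
             "%SPANTREE-5-ROOTCHANGE\n%ASA-5-111010\n")

def load_entries(text):
    """Keep each line as-is (minus the newline) so stray CRs or spaces stay visible."""
    return {line for line in text.split("\n") if line}

def classify(value, entries):
    """Compare one field value with the list using whole-string equality (assumed)."""
    if value in entries:
        return "match"
    if any(e.strip() == value.strip() for e in entries):
        return "near-miss: stray whitespace or CR in value or list entry"
    found = MNEMONIC.search(value)
    if found and found.group(0) in entries:
        return "near-miss: list entry is only a substring of the value"
    return "no-match"

# Constructed field values; which one a real deployment sees depends on
# how the incoming message was parsed into fields.
CANDIDATES = [
    "%ASA-3-622001",
    "%ASA-3-622001:",
    " %ASA-3-622001",
    "%ASA-3-622001: constructed message text",
    "sshd",
]

def report(candidates=CANDIDATES, list_text=LIST_TEXT):
    """Return {field value: verdict} for every candidate."""
    entries = load_entries(list_text)
    return {value: classify(value, entries) for value in candidates}

if __name__ == "__main__":
    for value, verdict in report().items():
        print(f"{value!r:45} -> {verdict}")
```

Feeding it the real list file and the field values captured from a test destination shows whether a miss comes from the wrong field, extra characters around the mnemonic, or line endings in the list file.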