I would like to include recent syslog and events in my email events that are sent. For instance, when cpu utilization is high, I would like to see the last 10 syslog messages from that server in the email that is sent. Here is my logic:
Node Information: Node: ${Node.Caption}IP Address: ${Node.IP_Address}Node Type: ${Node.MachineType}Memory Utilization: ${Node.PercentMemoryUsed}Response Time: ${Node.ResponseTime}Alert InfromationAlert Trigger time: ${AlertTriggerTime}Count: ${AlertTriggerCount}Acknowledged: ${Acknowledged}Acknowledged By: ${AcknowledgedBy}acknowledged On: ${AcknowledgedTime}
Recent logs:
${SQL:Select Top 25 * From SysLog where IP = '${Node.IP_Address}' and (DATETIME > (GETDATE() - 7)) }
This does not seem to work, is anyone doing this?
try it without the getdate() section and see if that piece works, then work on the issue from there, if it does.
Actually, do you need the getdate if you are just pulling the top 25? I haven't looked at that table.
No the only thing that the SQL Statement will return is a single number (like the most recent syslog ID) I wonder if they have setup the sql statement to only return a single value.
The email altert will limit the SQL query to 1 line output. So no wildcard searches on anything. This is limited to the email tool only from my experience.
Would be great to get a multiple output of syslog and events from a single query.
bye
Ken
I agree, this would be a great improvement.
In the meantime, I have had to create an alert action that launches an osql.exe / sqlcmd.exe query that will dump the results to a text file, which I then include in an e-mail sent by blat.exe or mailsend.exe. It is a pain, especially formatting the SQL output, but it gets the job done.