Forum Discussion
Mike_Kahler_488
Historic F5 Account
Hmm. Never really looked at the exact regex in the alert. My guess is that the trap looks for any map number of priority x as denoted after the :x: and as designated as the standard syslog log levels. So for the 1st example:
"^[0-9a-f]{8}:0: (.*)"
Would be log level 0 which is Emergency.
Log levels are listed in the .map files and the F5 device will log this as a log level number after the colon. For example:
err tmm3[9818]: 01010221:3:
is log level Error as denoted by :3:
smp_86112
Apr 16, 2014Cirrostratus
Thanks for the response. On one hand, I agree this might be how it works. But if what you are saying is true, then it seems the string I'm asking about ("BIGIP_LOG_EMERG" for example) would be irrelevant, wouldn't it? But I know those strings mean something, in some cases at least. Today I had to customize /config/user_alert.conf to send an email during a sync. There is no regex string to perform a match, and it works. So while I do understand and agree with your thought process, this can't be the whole story.