Forum Discussion
Mike_Kahler_488
Historic F5 Account
Hmm. Never really looked at the exact regex in the alert. My guess is that the trap looks for any map number of priority x as denoted after the :x: and as designated as the standard syslog log levels. So for the 1st example:
"^[0-9a-f]{8}:0: (.*)"
Would be log level 0 which is Emergency.
Log levels are listed in the .map files and the F5 device will log this as a log level number after the colon. For example:
err tmm3[9818]: 01010221:3:
is log level Error as denoted by :3:
Mike_Kahler_488
Apr 16, 2014Historic F5 Account
I believe the BIGIP_LOG_* traps in alert.conf are commented out. They were meant to be used as a catch all for alerts that were not defined. So I think they are irrelevant.
The alerts defined in user_alert.conf have a higher priority than alert.conf. I am a little surprised that the map name would match the log. Perhaps the map number has a direct relationship with the string. But if this works for you and is your intent, then the map name should be good enough.