
Custom Syslog Event Configuration and alert filtering in Spectrum to remove unwanted alarms


Article ID: 236894




CA Spectrum DX NetOps


How can the event rules be configured so that a particular event does not trigger the alert?


When a security scan is run against a network device, the device triggers the alarm 'A CRITICAL SYSLOG EVENT HAS OCCURRED', cause code 0x21001c.

The event shows that the alarm is caused by the scan, with the reason: Login Authentication Failed.


How can the event rules for this 0x21001c event be configured so that only this login failed trap will not trigger the alert?


DX NetOps Spectrum release 20.2 or later


The 0x21001c event has the following description located in the message body:

[Reason: Login Authentication Failed].

In the event message, this reason is carried in the third variable, which is written as:

{v 3}

You can then run a string comparison (strcmp) on this variable in the event rules for the 0x21001c event. For example:

if strcmp({v 3} {S "Login Authentication Failed"}) evaluates to TRUE, then generate <EVENT>

Where <EVENT> represents a new custom event which does not raise an alarm.