How to disable the South Bound Gateway alert forwarding on a Host_systemEDGE model for the Log File Monitor trap in Spectrum
When the Host_systemEDGE model is used for Log File Monitoring, SPECTRUM by default tries to parse a hostname or IP address from the matched log file so that it can forward the alert to a model in the SPECTRUM database. If SPECTRUM is unable to parse a hostname or IP address from the log file, it generates an event on the Host_systemEDGE model to that effect and does not generate an alarm.
Sometimes the logs being monitored do not conform to the requirements for parsing a hostname or IP address from the syslog header, but the user still wants an alarm to be generated when there is a match.
Set the Enable_SouthboundGateway attribute 0x116296e on the Host_systemEDGE model to No.
Edit the $SPECROOT/SS/CsVendor/Ctron_Gen_HOST/Host_systemEDGE/EventDisp file and change the entry for 0x116002f to the following:
0x0116002f E 50 A 3, 0x0116002f
Update the SpectroSERVER cache. Now, when SPECTRUM receives a logMonMatch trap from this Host_systemEDGE model, a CRITICAL alarm will be asserted on the Host_systemEDGE model.
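The EventDisp edit from the steps above can be scripted so that it is backed up, repeatable and refuses to touch a file it does not understand. This is an added example, not vendor tooling; the function name, the `.bak` suffix, the handling of `\` line continuations and the contents of the demo file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: applies the EventDisp change described above. Not vendor tooling.
NEW_ENTRY='0x0116002f E 50 A 3, 0x0116002f'   # the entry given on this page

# set_logmon_alarm_entry FILE   (hypothetical helper name)
# Returns 0 if the entry is (or already was) set, 1 on I/O error,
# 2 if FILE does not hold exactly one entry for the event code.
set_logmon_alarm_entry() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 1; }

    # Match the event code with or without the leading zero (0x116002f / 0x0116002f).
    count=$(awk 'tolower($1) ~ /^0x0?116002f$/ { n++ } END { print n + 0 }' "$file")
    [ "$count" -eq 1 ] || { echo "expected 1 entry, found $count" >&2; return 2; }

    # Already applied: leave the file and any earlier backup alone.
    grep -qxF "$NEW_ENTRY" "$file" && return 0

    cp -p "$file" "$file.bak" || return 1
    # Assumption: a trailing "\" continues an entry onto the next line, so the
    # continuation lines of the old entry are dropped together with it.
    awk -v new="$NEW_ENTRY" '
        skip { skip = ($0 ~ /\\[ \t]*$/); next }
        tolower($1) ~ /^0x0?116002f$/ { print new; skip = ($0 ~ /\\[ \t]*$/); next }
        { print }
    ' "$file.bak" > "$file"
}

# Demo on a constructed file (the old entry and its neighbours are stand-ins,
# not the shipped contents of EventDisp).
demo_dir=$(mktemp -d)
printf '%s\n' '0x0116002e E 20' '0x116002f E 50 \' '    constructed-continuation' \
    '0x01160030 E 20' > "$demo_dir/EventDisp"
set_logmon_alarm_entry "$demo_dir/EventDisp" && cat "$demo_dir/EventDisp"
rm -rf "$demo_dir"
```

On a SpectroSERVER host, pass the function the $SPECROOT/SS/CsVendor/Ctron_Gen_HOST/Host_systemEDGE/EventDisp path, then update the SpectroSERVER cache as in the last step.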