Hello,
We use a syslog aggregator, so all the syslog from our network devices get sent to Solarwinds and appear from a single source IP. This is reflected in the "Hostname" field on the Syslog viewer.
Unfortunately, the NCM RTM tool variable ${IP_Address} is this source IP of the syslog message, not the IP of the network device as seen in the syslog message body.
The IP I want is stored in the SQL database under column [SysLog.FirstIPInMessage], so I am attempting to use this as my syslog alert trigger:
C:\Program Files (x86)\SolarWinds\Orion\SolarWinds.NCM.RTNForwarder.exe ${SQL:SELECT FirstIPInMessage FROM SysLog WHERE DateTime=${DateTime}},RealtimeNotification,${DateTime},${Message}
but it isn't working.
I strongly suspect that the "WHERE DateTime=${DateTime}" is the problem, either due to incompatible Date formats, or my syntax.
Any help gratefully received!
Steve