User Tools

Site Tools


How to push an alert into Trisul dispatcher from bash

On Ubuntu , the Trisul dispatcher reads from /var/log/syslog and matches all lines using a Regex.

It then formats and pushes to

  1. Email
  2. Microsoft Teams via WebHooks

If you push a syslog message in the following format into syslog it will make to the automatic email alert delivery system.

“Alert:probe0:context0:0,0,0,0,0,0,IPDRDOWN,TEst ipdr stopped flushing”

logger -s -t trisul_flushd "Alert:probe0:context0:0,0,0,0,0,0,IPDRDOWN,TEst ipdr stopped flushing"

The fields are

  • Alert:probe0:context0: – source of the alert
  • Timestamp tv_sec
  • Timestamp tv_usec
  • Source IP
  • Port
  • Dest IP
  • Port
  • SigID – short name for alert
  • Message
admin/add_alert_bash.txt · Last modified: 2024/04/29 13:57 by veera