Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.



Infoblox reports "lease threshold crossed" message in separate syslog messages

New Member
Posts: 2
324     0

Hi all,


wanted to know why Infoblox reports "lease threshold crossed" message in separate syslog messages, rather than a single one that would appear as one event in the splunk?


In the SMNP trap the information is concatenated in separate lines:

DHCP high threshold crossed:
Member: a.b.c.220
Network: a.b.c.0/24/default
Range: a.b.c.102/a.b.c.102///default/
High Trigger Mark: 90%
High Reset Mark: 85%
Current Usage: 100%
Active Leases: 1
Available Leases: 0

Total Addresses: 1 


would be good if it is in the same syslog message, instead that every piece of information needs to be a separate syslog message.

How to link the messages together to renders it possible for Splunk to extract the info?
We would like to see/use this alert in one line to use it in splunk.

thanks for your outputs

Showing results for 
Search instead for 
Did you mean: 

Recommended for You