I have set-up a number of Workflows to alert me when a certain syslog message comes in from our routers, i have created two syslog rules , one for when the log contains the text "neighbour DOWN" and "neighbour UP", this tells me if i have a drop on one of my links across our WAN. I created workflows for all our links individually, they involve doing a trace route and ping test and to email the results, i have selected the alert trigger of selected syslog rule choosing the UP/Down rules and associated them to the routers. 

during failover testing  i can see the syslog messages come through in opmanager under the viewer, from the correct IP, severity, and text. But the work flow does not pick these up. so i do not get any alert etc.

Is there something i am missing ?   Does the syslog rule have to have the exact text i.e: 

"Nbr x.x.x.x on GigabitEthernet0/2.252 from FULL to DOWN, Neighbor Down: Dead timer expired"

Is it case sensitive?

In ELA when setting up an alert is states "Log message contains:" and you can enter any piece of text that will be contained in the log message but in Opmanager is states" Match Text:" - - - Is there a difference?

A quick response would be grateful as i am carrying out further failover test this evening and it would be a perfect time to test these alerts again..

Thanks 

RH