Solved

No Device Name or IP Address in Syslog Alarm

  • 19 October 2020
  • 5 replies
  • 59 views

I have created a Syslog Alarm that I receive via email, but I’m not receiving any information that tells me which device the alarm came from.  I have enabled every keyword.  Here is what I currently have configured for the Action Override:

$alarmName    The name of the alarm.
$alarmSource    The component (such as a device) that raised the alarm.
$alarmSourceName    
$alarmSubcomponent    The subcomponent (such as an interface) that raised the alarm.
$severity    The alarm severity.
$type    The value returned is always "Alarm".
$trigger    Indicates whether the trigger was a trap or event.
$server    The NetSight server IP address.
$time    The date and time when the event or trap occurred.
$message    The event message.
$eventType    The event type (event or trap).
$eventSeverity    The event severity.
$eventCategory    The event category.
$eventTitle    The event message.
$deviceIP    The IP address of the device that is the source of the alarm.
$deviceIpCtx    The device IP and Context.
$deviceNickName    The device nickname.
$deviceBootProm    The BootProm version on the device.
$deviceFirmware    The firmware version on the device.
$deviceStatus    The device status.
$snmp    The device SNMP credentials
$sysName    The system name.
$sysLocation    The system location.
$sysContact    The system contact.
$sysDescr    The system description
$sysUpTime    The system uptime.
$chassisId    The chassis ID.
$chassisType    The chassis type.
$trapName    The trap name.
$trapEnterprise    The Enterprise for this trap (Extreme, snmpTraps, rmonEventsV2, dot1dBridge) as defined in the trapd.conf file.
$trapOid    The trap OID.
 

The ones that are working are:

$alarmName    The name of the alarm.
$alarmSource    The component (such as a device) that raised the alarm.

$type    The value returned is always "Alarm".
$trigger    Indicates whether the trigger was a trap or event.
$server    The NetSight server IP address.
$time    The date and time when the event or trap occurred.

$eventType    The event type (event or trap).
$eventSeverity    The event severity.

 

 

icon

Best answer by StephanH 19 October 2020, 21:23

Ok,

In Version 8.3 the mentioned problem occures. Therefore update your XMC to the latest version and test again, please.

Stephan

View original

5 replies

Here is the device config:

configure syslog add 10.243.80.80:514 vr VR-Default local0
configure log target syslog 10.243.80.80:514 vr VR-Default local0 from 10.98.97.234
enable log target syslog 10.243.80.80:514 vr VR-Default local0
configure log target syslog 10.243.80.80:514 vr VR-Default local0 filter DefaultFilter severity Debug-Data
configure log target syslog 10.243.80.80:514 vr VR-Default local0 match Any
configure log target syslog 10.243.80.80:514 vr VR-Default local0 format timestamp seconds date Mmm-dd event-name condition priority host-name tag-name 
 

 

Userlevel 6
Badge

Cslayton,

there was an issue with source hostname and Ip as alarm source. This issue was fixed with version 8.5.0. Maybe your problem is related to the same issue.

What version of XMC are you using?

Stephan

8.3.1.9

 

Userlevel 6
Badge

Ok,

In Version 8.3 the mentioned problem occures. Therefore update your XMC to the latest version and test again, please.

Stephan

Userlevel 6
Badge

For completeness, I have done a short test. With 8.5.1.60 both the IP and the name is transferred.

 

Regards

Stephan

 

Reply