This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Syslog severity in Netsight

Syslog severity in Netsight

Marius_Matijosi
New Contributor II

‎11-23-2016 06:53 AM

My idea was to create severity alarm based on syslog messages i ECM. But I noticed that all syslog messages are logged and displayed with one severity INFO. Severity is coded in first 3 bits of every syslog message. But ECM is ignoring original severity.
Is there any explanation for such behavior?
Can ECM log syslog messages with original severity?

Thanks for your advices.
11 REPLIES 11

Ronald_Dvorak
Honored Contributor

‎11-23-2016 07:31 PM

Hey Marius,

I've tried it and now I'd see the severity# in front of the message....

01d65b08f71b4683a22ef26c9a0a1533_RackMultipart20161123-63229-p28fgw-syslog_facilities01_inline.png



Could you also fix it that the facility information is used.

My WLAN controller has the following syslog settings.
i.e. Station Events should use facility local.1

01d65b08f71b4683a22ef26c9a0a1533_RackMultipart20161123-52049-19htcv9-syslog_facilities02_inline.png



Trace from a packet that is tx by the controller = local.1 for a station events

01d65b08f71b4683a22ef26c9a0a1533_RackMultipart20161123-21667-v46mlf-syslog_facilities04_inline.png



This is what I get in the EMC syslog...
<6>Nov 23 21:15:58 172.24.24.101 events: EventType[Registration] MAC[84:18:26:7C:1C:2B] AP[AP3825i] SSID[Home] BSSID[D8:84:66:02:DF:E8] Details: Radio[2]

It would be great to also have that information in EMC and be able to filter on it so i.e. I'd only see my station events = local.1

Thanks,
Ron
0 Kudos

Michael_Butterf
Extreme Employee

‎11-23-2016 06:33 PM

Hi Marius,

This is a bug in the /etc/rsyslog.conf file which will be fixed in an upcoming release.

If you edit the /etc/rsyslog.conf file and find the line:

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

and replace it with:

# Use precise instead
$template precise,"<%syslogpriority%>%timegenerated% %HOSTNAME% %syslogtag% %msg%\n"
$ActionFileDefaultTemplate precise

and then run:

service rsyslog restart

your /var/log/syslog files should have the following format with the severity in the first 3 characters:

<6>Nov 23 14:17:01 netsight147-11 CRON[182011]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
<6>Nov 23 14:17:02 netsight147-11 CRON[182007]: (CRON) info (No MTA installed, discarding output)

Please let us know how it goes.

Thanks

Mike Butterfield

0 Kudos
GTM-P2G8KFN