Syslog severity in Netsight
‎11-23-2016 06:53 AM
My idea was to create a severity alarm based on syslog messages in ECM. But I noticed that all syslog messages are logged and displayed with one severity, INFO. Severity is coded in the first 3 bits of every syslog message. But ECM is ignoring the original severity.
Is there any explanation for such behavior?
Can ECM log syslog messages with original severity?
Thanks for your advice.
11 REPLIES 11
‎12-19-2016 05:24 PM
Release Notes 7.0.8.34
All syslog messages were displaying with a severity of Info, regardless of the severity with which they were configured. > 1144968
Thanks team !
‎11-24-2016 11:50 AM
I made two modifications and I get syslog severity in EMC syslog events:
1. Changed symbol of separator from <> to space:
#$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
and replace it with:
# Use precise instead
$template precise,"%syslogpriority% %timegenerated% %HOSTNAME% %syslogtag% %msg%\n"
$ActionFileDefaultTemplate precise
2. Modified pattern for Log Manager Parameters - SYSLOG (Event View Manager): added field %sevint% with separators \w to the standard Ubuntu pattern:
%sevint%\w%month%\w%day%\w%time%\w%src%\w%info%
It works.
If there were a possibility to use different patterns for device groups, it would be useful. How to manage this issue?
‎11-24-2016 11:50 AM
Thanks a lot... works like a charm.
‎11-24-2016 11:50 AM
Hello,
This is the instruction for step 2:
Netsight Console
Tools tab /Alarm event/Event View Manager
Available log managers/Syslog -Edit
Pattern - Config
create new Custom pattern configuration - enter name and pattern:
%sevint%\w%month%\w%day%\w%time%\w%src%\w%info%
ok/apply.....
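Added example (not part of the original thread and not Extreme's code): a Python sketch that parses file lines written by the "precise" rsyslog template using the same field order as the %sevint% pattern, and also decodes a raw <PRI> value into facility and severity. It assumes the timestamp is rendered as "Mon DD HH:MM:SS" and that fields are whitespace separated; the host names, messages and the alarm threshold are constructed for illustration.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")  # wire format: PRI = facility * 8 + severity
# File line written by the "precise" template; group names follow the thread's pattern.
LINE_RE = re.compile(
    r"^(?P<sevint>[0-7])\s+(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<src>\S+)\s+(?P<info>.*)$"
)


def decode_pri(raw):
    """Return (facility, severity) from a raw syslog message, or None if PRI is invalid."""
    m = PRI_RE.match(raw)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    return int(m.group(1)) >> 3, int(m.group(1)) & 0x07


def parse_precise_line(line):
    """Parse one file line into a dict with a severity name added; None if no match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    event = m.groupdict()
    event["sevint"] = int(event["sevint"])
    event["severity"] = SEVERITIES[event["sevint"]]
    return event


def alarms(lines, threshold=3):
    """Return events at or above the threshold (lower number means more severe)."""
    events = (parse_precise_line(line) for line in lines)
    return [e for e in events if e and e["sevint"] <= threshold]


# Constructed sample lines (assumed hosts and messages, not from the thread).
SAMPLE = [
    "6 Nov 24 11:50:01 sw-core-01 sshd[812]:  Accepted publickey for admin\n",
    "3 Nov  4 02:13:45 sw-edge-07 kernel:  port ge.1.5 link flap detected\n",
    "<27>Nov 24 11:50:02 sw-core-01 daemon: line still in raw <PRI> form\n",
]

if __name__ == "__main__":
    print(decode_pri(SAMPLE[2]))  # facility and severity of the raw line
    for ev in alarms(SAMPLE):
        print(ev["severity"], ev["src"], ev["info"])
```

Lines that do not start with a single digit 0-7, such as ones still carrying the raw <PRI> prefix, are rejected rather than being given a default severity.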
