hi,
i have enabled the syslog daemon and i am receiving log that i can see in the syslog monitor but now i want to turn them into alarms, how do i do that ?
what are the syslog parameters ? are they like snmp varbinds ?
how do i edit the message to display only parts of it ?
10x,
lindeamon
Hi!
You have to create correct log parser. See this section of the manual: http://wiki.netxms.org/wiki/UM:Log_Monitoring (http://wiki.netxms.org/wiki/UM:Log_Monitoring) for parser syntax.
Best regards,
Victor
hi victor,
are there any variables to use with syslog ?
i have red the explanation but i could not find how to take the message that came with the syslog event and transfer it to the event message of netxms after parsing and reducing what i do not need out of it.
Best Regards,
Lindeamon
For example, you have syslog records like this coming in:
Error: some error text
and you want to have everything after "Error:" to be message text of your event. First, you should create new event with name, for example, SYSLOG_ERROR and with message simply set to %1 (value of first parameter). Then, the following syslog parser will create correct events:
<parser>
<rules>
<rule>
<match>Error: (.*)</match>
<event params="1">SYSLOG_ERROR</event>
</rule>
</rules>
</parser>
what will be catch by first matching group in regexp will come into first parameter of the event, second matching group to second parameter, and so on.
Best regards,
Victor
hi victor,
now i am starting to remember. i asked some questions before regarding event log monitor and this brings up everything.
is there any way to make things more simpler ? meaning that you develop a window/utility/something that will allow me to boost up my productivity ?
as always, can't get enough of your fine work.
Best Regards,
Lindeamon
hi victor,
how do i represent < in reg exp ?
i want to match: xxxxxxxxxxxxx xxxxxxxxxx <50000> xxxxxxxxxxxxxxxxxxxxxx
where <50000> is a string.
i have managed to do this with 50000 but i need to do this as <50000>
Thanks,
Lindeamon
hi victor,
i have managed to solve the problem. apparently i had to use both new and old consoles.
i have used the new console to create the xml structure which represented "<" and ">" as < > and the old console to delete everything else.
what i did not know is that i have to leave the class='java......." that the new console created.
10x,
Lindeamon
Hi!
You can just type < and > in XML file in old console (don't forget semicolon!). And if you need & character, you should use &
Best regards,
Victor
Thank you victor,
when will you issue the next release ? :)