Not sure if this is solely because of an update, but I went from 4.0.x to current latest (4.2.395) and shortly after I noticed I was not getting SysLog messages via SLACK
This was working perfectly before and I've not changed anything in the parser
I can definitely see SysLog messages in NetXMS by right clicking on node and choosing Logs->SysLog so they are still being received just fine, but parser doesn't seem to be doing anything
In SysLog Parser I have 'Always process all rules' ticked (always have)
As an example, the very first rule is...
system,error,critical login failure for user (.*) from (.*) via (.*)
And to generate an event
This matches perfectly with an actual SysLog message - and has been working for years
i.e.
system,error,critical login failure for user [email protected] from 1.2.3.4 via winbox
That event does not appear to be created though
If I go to View->Event Log it's not there
Has something changed? Bug?
It's a bug introduced in 4.2. It affects syslog and Windows event log processing in fields "source" and "tag".
Bug is fixed, will be in next patch release.
Meanwhile you can put a * character in the syslog tag field, it should work that way.