SysLog Parser not working after update

Started by Millenium7, November 08, 2022, 07:57:19 AM


Millenium7

Not sure if this is solely because of an update, but I went from 4.0.x to current latest (4.2.395) and shortly after I noticed I was not getting SysLog messages via SLACK

This was working perfectly before and I've not changed anything in the parser
I can definitely see SysLog messages in NetXMS by right clicking on node and choosing Logs->SysLog so they are still being received just fine, but parser doesn't seem to be doing anything

In SysLog Parser I have 'Always process all rules' ticked (always have)

As an example, the very first rule is...

system,error,critical login failure for user (.*) from (.*) via (.*)

And to generate an event

This matches perfectly with an actual SysLog message - and has been working for years
i.e.
system,error,critical login failure for user [email protected] from 1.2.3.4 via winbox

That event does not appear to be created though
If I go to View->Event Log it's not there

Has something changed? bug?

Filipp Sudanov

It's a bug introduced in 4.2. It affects syslog and windows event log processing in fields "source" and "tag".

Bug is fixed, will be in next patch release. 

Meanwhile you can put * character in syslog tag field, it should work that way.