Hi,
I'm attempting to create a syslog parser without much success. So far I have:
- Verified syslog messages are being correctly received by the server. I can see many events in the syslog monitor from my devices.
- Created an Event Configuration item with ID 100002
- Created a new syslog parser with the following configuration:
  <parser name="">
    <rules>
      <rule>
        <match>LOGIN_FAILED.*</match>
        <event params="0">100002</event>
      </rule>
    </rules>
    <macros/>
  </parser>
- Created an Event Processing policy with the following information:
  Condition -> Events match 100002
  Condition -> Severity Filter all items checked
  Action -> Alarm create new alarm with an alarm timeout of 600 seconds
This configuration results in nothing occurring. Any insight into this would be appreciated.
I couldn't get this working with the built-in syslog server. So, I disabled that and configured the OS syslog server to accept remote connections. I then configured LogWatch on the agent and created a parser file et al.
That setup works without issue for me. Not the cleanest implementation, but certainly doable.
Hi,
I have a problem with syslog too. NetXMS 1.2.14 on W2K8R2 doesn't catch any syslog messages.