NetXMS Support Forum

hi,

what happend to the syslog in v1.2.5 ?
in the syslog monitor i can see the messages but no events are created.
i can not edit the syslog xml, can not save changes to be more specific, but nothing has changed in the configuration

need help A.S.A.P

10x,
Lindeamon

Hi!

There should be no changes in syslogd. Can you send me XML file with parser configuration? Also, there are still problems with editing syslog XML config from Java console. Please use legacy console until 1.2.6 release.

Best regards,
Victor

Hi Victor,

you will have the file in 2 days.
i have noticed that in order to use "<" sign i need to enter "&lt" and in order for it to be parsed correctly the xml contains some java reference that i can not remember.do you think there is a java issue ?

Best Regards,
Lindeamon

Hi!

I think you can ignore Java stuff for know and just use old console for editing XML. And yes, you must use &lt; for < character inside tag - and don't forget semicolon!

Best regards,
Victor

hi victor,
here is a screenshot of the xml cnfiguration which have workd in version 1.2.4 and does not work in 1.2.5
i have tried enabling and disabling the syslog daemon with no luck. i have discovered that events are not created.
hope you will find the problem soon,
Best Regards,
Lindeamon

I'm having the same issue, running v1.2.5 on Windows 2003 x86. Syslog messages are received in the syslog log and monitor, but no subsequent events are generated from the parser. (can't find them in the event log/the actions aren't being executed)

Using log parser:
<parser>
<file></file>
   <rules>
<rule>
<match>(.*)</match>
<event params="1">100043</event>
</rule>
   </rules>
</parser>

event config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<formatVersion>3</formatVersion>
<description></description>
<events>
<event id="100043">
<name>Operations Warning Issue (Log parser)</name>
<code>100043</code>
<severity>1</severity>
<flags>1</flags>
<message>Warning issue with %n: %1.</message>
<description></description>
</event>
</events>
<templates>
</templates>
<traps>
</traps>
</configuration>

With debugging level 9 on, I get the message
[29-Jan-2013 09:34:41.030] syslogd: parser successfully created from config
when saving the syslog configuration, but nothing appears concerning actual syslog messages. I expected to see an event like
Match event: source=\"%s\" id=%u level=%d text=\"%s\"
when the syslog message arrives in the parser.

Might be unicode-related? Seems like the only thing changed recently to the syslog code.

Hope you can find something!

Finally I've found a problem. Syslog parser is really broken in 1.2.5. I've fixed it, so 1.2.6 will work again. I plan to release 1.2.6 somewhere next week. It will be mostly bugfix release, which will address some important issues in 1.2.5.

Best regards,
Victor

hi victor,

great news.
i can't tell you how much i need it now.

Best Regards,
Lindeamon