Hi,
1. We are using the current stable subscription edition
2. We have tried restarting rsyslog
   * We are using version 8.16.0
3. This has now been enabled
   * Are you seeing the incoming syslogs?
4. This device is HP Procurve
--------------------------------------------------- Ramiky -----------------------------------------------------
From: Mike Stupalov [mailto:mike@stupalov.ru] On Behalf Of Mike Stupalov
Sent: Wednesday, 25 April 2018 23:14
To: Observium <observium@observium.org>; Rami Kytölä <Rami.Kytola@seutupalvelukeskus.fi>
Subject: Re: [Observium] Syslog rules
Hi,
1. Which Observium version do you use?
2. Try restarting the rsyslog system service (this issue can happen on some older Observium versions).
3. Please temporarily enable (if possible) sending syslog messages from the device (iso.tk-sw2 or kau or similar) to my dev server: 77.222.50.30 (I will improve syslog message parsing for it).
4. Which OS is on these devices?
Rami Kytölä <Rami.Kytola@seutupalvelukeskus.fi>, 25 April 2018 at 22:11
Hi,
Yep, but the port rule is not working currently. We get about 2k port syslog messages per day. Is there a way to diagnose why the rules are not working?
--------------------------------------------------- Ramiky -----------------------------------------------------
________________________________________
From: observium <observium-bounces@observium.org> on behalf of Adam Armstrong <adama@memetic.org>
Sent: 25 April 2018 18:31
To: Observium
Subject: Re: [Observium] Syslog rules
There's no reason /port/ wouldn't work.
The others probably don't work though, because you need to escape the spaces.
adam.
On 2018-04-25 15:14, Rami Kytölä wrote:
Hi,
Is there a way to get Syslog rules/alerts to work?
Syslogs are configured and are populating database:
Syslogs are also linked to correct devices with correct priorities.
We have set-up few rules:
But if I try with our test rule:
Then if I search from the syslog:
Ramiky
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Mike Stupalov Observium Limited, http://observium.org