Hi,

 thx, pls disable send syslog messages now (to my dev). :)

Restart rsyslog was fixed your issue?
(Probably in stable still not fixed issue with reload syslog rules dinamically).

Rami Kytölä wrote:

Hi,

 

  1. We are using the current stable subscription edition
  2. We have tried restarting rsyslog
    1. We are using version 8.16.0
  3. This has been now enabled
    1. Are you seeing the incoming syslogs?
  4. This device is HP Procurve

 

 

 

---------------------------------------------------

Ramiky

-----------------------------------------------------

 

Lähettäjä: Mike Stupalov [mailto:mike@stupalov.ru] Puolesta Mike Stupalov
Lähetetty: keskiviikko 25. huhtikuuta 2018 23:14
Vastaanottaja: Observium <observium@observium.org>; Rami Kytölä <Rami.Kytola@seutupalvelukeskus.fi>
Aihe: Re: [Observium] Syslog rules

 

Hi,

1. which observium version you use?
2. try restart rsyslog system service (this issue can happen on some older observium versions).

3. please enable (if possible) temporary send syslog messages
   from device (iso.tk-sw2 or kau or similar) to my dev server: 77.222.50.30
   (I will improve syslog message parsing for it)
4. which os on this devices?


25 April 2018 at 22:11

Hi,

Yeap, but the port rule is not working currently. We get about 2k port syslog-messages per/day. Is there a way to diagnose why the rules are not working?



---------------------------------------------------
Ramiky
-----------------------------------------------------


________________________________________
Lähettäjä: observium <observium-bounces@observium.org> käyttäjän  puolestaAdam Armstrong <adama@memetic.org>
Lähetetty: 25. huhtikuuta 2018 18:31
Vastaanottaja: Observium
Aihe: Re: [Observium] Syslog rules

There's no reason /port/ wouldn't work.

The others probably don't work though, because you need to escape the
spaces.

adam.


On 2018-04-25 15:14, Rami Kytölä wrote:
> Hi,
>
> Is there a way to get Syslog rules/alerts to work?
>
> Syslogs are configured and are populating database:
>
> Syslogs are also linked to correct devices with correct priorities.
>
> We have set-up few rules:
>
> But if I try with our test rule:
>
> Then if I search from the syslog:
>
> ---------------------------------------------------
>
> Ramiky
>
> -----------------------------------------------------
> _______________________________________________
> observium mailing list
> observium@observium.org
> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium


_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

25 April 2018 at 18:31

There's no reason /port/ wouldn't work.

The others probably don't work though, because you need to escape the spaces.

adam.



_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

25 April 2018 at 17:14

Hi,

 

Is there a way to get Syslog rules/alerts to work?

 

Syslogs are configured and are populating database:

 

 

Syslogs are also linked to correct devices with correct priorities.

 

We have set-up few rules:

 

 

But if I try with our test rule:

 

 

Then if I search from the syslog:

 

 

---------------------------------------------------

Ramiky

-----------------------------------------------------

 



_______________________________________________
observium mailing list
observium@observium.org
http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

 

--
Mike Stupalov
Observium Limited, http://observium.org


--
Mike Stupalov
Observium Limited, http://observium.org