• State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 21 subscribers
  • Views 485 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Kiwi script works with Test button but not with live data

briancwalker

Hi all,

I have been trying to create a script that will capture duplicate log events and periodically spit to the display a modified entry preceded by an accurence. count.  I have included an output to display command within the script for debugging purposes The script is working as designed with the test data, but when live data come in, it appears to completely skip my script and go straight to the display action; the internal display in the script appears to not execute.

Attached is the script, very heavily modified from the script in the VPN SYSTEM item under content, altough I suspect it is not the script at fault.

On other caveat - the information in the live stream is Windows event log data from a SolarWinds log forwarder.

I would be grateful for any input.

Thank you,

Brian

  • 0

    Are there any errors in the Syslog server error log?

  • 0 in reply to kstone

    Classification: UNCLASSIFIED

    Caveats: NONE

    Nothing at all that looks relevant in the error log or in the local server logs.

    Brian C. Walker (MCSE: Security, A, Network, Security+, BCNE, BCND, VCP5-DCV)

    IASO, Information Management Division

    Munson Army Health Center

    550 Pope Avenue Fort Leavenworth,KS 66027-2332

    DSN: 552-6438

    OFFICE: 913-684-6438

    FAX: 913-684-6399

    brian.c.walker1.civ@mail.mil

      • PROPRIETARY & CONFIDENTIAL **  This email and any attachments are confidential and/or proprietary and intended solely for the named recipients. Unauthorized use, copying, or distribution is prohibited. If you received this e-mail in error, please notify me by replying and delete the message without copying or disclosing it. Thank you.

  • 0 in reply to briancwalker

    It seems like the data isn't matching so the rule isn't triggering.  What is your filter criteria and does the test and live data match?

  • 0 in reply to kstone

    Classification: UNCLASSIFIED

    Caveats: NONE

    Sample from using test button:

    2014-03-31 15:42:33 Kernel.Error xxx.xxx.xxx.xxx This is a test message from Kiwi Syslog Server

    2014-03-31 15:43:40 Kernel.Error xxx.xxx.xxx.xxx (2x)This is a test message from Kiwi Syslog Server

    These are generated from within the script and set to a Display I'm using for debugging - these never make it to the intended final destination display. That may be by design.

    Here is a sample message from the actual server event stream:

    03-31-2014 14:42:13 Kernel.Error SERVERNAME Mar 31 14:42:13 SERVERNAME.domain MSWinEventLog 3 Application 3589 Mon Mar 31 14:42:13 2014 5 Smart Card Logon N/A Error SERVERNAME.domain 0 An error occurred while retrieving a digital certificate from the inserted smart card. The specified reader name is not recognized.

    This message shows up in the intended final destination display. However, it does not show up on the debug display, which would seem to indicate to me that it is completely bypassing my script.

    Thanks for trying to help,

    Brian C. Walker (MCSE: Security, A, Network, Security+, BCNE, BCND, VCP5-DCV)

    IASO, Information Management Division

    Munson Army Health Center

    550 Pope Avenue Fort Leavenworth,KS 66027-2332

    DSN: 552-6438

    OFFICE: 913-684-6438

    FAX: 913-684-6399

    brian.c.walker1.civ@mail.mil

      • PROPRIETARY & CONFIDENTIAL **  This email and any attachments are confidential and/or proprietary and intended solely for the named recipients. Unauthorized use, copying, or distribution is prohibited. If you received this e-mail in error, please notify me by replying and delete the message without copying or disclosing it. Thank you.

  • 0 in reply to briancwalker

    Have you resolved this?  If not can you share your filters and actions?

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.