Configuring the Jscript to forward a snippet of the Syslog

daham_bm

Create a new rule in Kiwi Syslog Server Setup

1. Add an appropriate rule name
2. Configure the Filter

Filter option can be used to include or exclude nodes which require this rule to be run

 

In the example I have used the IP address range where this rule is only applicable for these source IP address.

 

 

3. Add the action

To accomplish this requirement we can use a script to split the original syslog message to small pieces.

 

4. Click on the three dotted icon and choose the script.
5. Select the correct script language in the drop down menu.

In this example I have selected the Jscript as my language

Script

function Main() {

 

var strSource = VarRawMessageText;                       (Getting the Raw message as the source string)

 

var strArray = strSource.split(' ');                               (Splitting the source message in ‘ ’ Spaces)              

 

VarCustom01 = strArray[8];                                        (Adding the splitted message into variables, Only the   required parts needs to be added into the variables)

VarCustom02 = strArray[9];

VarCustom03 = strArray[12]

VarCustom04 = strArray[15];

 

VarCustom05 = "Test Log" + VarCustom01 + " " + VarCustom02 + " " + VarCustom03 + " " + VarCustom04;

(Combining the variables parts into one variable)

 

Fields.ActionSpoofSyslog("Kiwi_Syslog_Server_IP", "Source_IP", "SolarWinds_Server_IP", SW_Port, VarCustom05 );

        (calling the function for the complete message to be forwarded into the SolarWinds Syslog )

1. Kiwi_Syslog_Server_IP : IP address of the SolarWinds Kiwi Syslog server
2. Source_IP : Original syslog sender IP address
3. SolarWinds_Server_IP : SolarWinds server IP address
4. SW_Port : Syslog port configured on the SoalrWinds server
5. VarCustom05 : Custom message

 

return "OK";

 

}

 

Example

 Original syslog message

Aug 25 15:32:21 SITE-SERVER.corp MSWinEventLog 4 Application 18 Fri Aug 25 15:32:18 2023 0 BulkImportService  N/A Warning SITE-SERVER.corp 0 More than 5 .csv files found in C:\Configuration\FTP\NLLWD\Opales

 

Variables define in the script

VarCustom01 = strArray[3];

VarCustom02 = strArray[4];

VarCustom03 = strArray[6];

VarCustom04 = strArray[7];

VarCustom05 = strArray[17];

VarCustom06 = strArray[27];

 

Variable combining

VarCustom07 = "Test Log" + VarCustom01 + " " + VarCustom02 + " " + VarCustom03 + " " + VarCustom04 + " " + VarCustom05 + " " + VarCustom06

 

Output

'Test Log SITE-SERVER.corp MSWinEventLog Application 18 Warning C:ConfigurationFTPNLLWDOpales'

The output message will be forwarded to the SolarWinds syslog

In the example, I have added some more actions to the rule to log the Syslog to a log file