Please read main post: Top N Hosts Report (part 1).
Just an FYI.
The Keep Alive bug was fixed in one of the last 2 updates so if you were wanting to use that as an option to kick off the custom reporting script you don't have to use the Secure TCP as an offset, you can just use the Keep Alive input source now.
I hadn't realized I posted that bug here, but anyone who was using the secure TCP as the input source as a fix and it's broken now, changing it back to Keep-alive will resolve that.
I'm sure this answer is too late to help tharaka, but I'm fairly certain that the answer is that there were no entries in the dictionary item for hostaddresses. That means that you are saying "For i = 0 to -1" I'm using the same logic and there could be some error handling in the script. I would upload a corrected copy, but really the meat of this script is just for reference now. I beleive that when it was originally written by Kuz, Kiwi was not already providing this information by default and it had to be scripted.
Actually might as well...
The error handling would be to include everything under "With Dictionaries" under an IF THEN block...
[code]
With Dictionaires
If HostAddresses = .GetKeys("Stats") > 1 Then
rest of the with dictionaries code
End If
End With
'Send email code at the bottom:
[/code]
You could handle this a bit differently if you wanted to report on a single host address, but essentially you would just get rid of the sorting routine if the value = 1. As it stands now, the sorting isn't going to work (and isn't needed) if you don't have at least 2 devices reporting to kiwi.
I have followed the advice in this post and the TopNHosts_pt1 but cannot get the desired output. I am new to syslog so there may be some adjustments I need to make to the scripting. Syslog is being run an a 64 bit virtual machine
There is no table or data only :
2013-08-14 11:18:56 Syslog.Warning localhost Keep-alive message
2013-08-14 11:19:56 Syslog.Warning localhost Keep-alive message
2013-08-14 11:20:56 Syslog.Warning localhost Keep-alive message
2013-08-14 11:21:56 Syslog.Warning localhost Keep-alive message
2013-08-14 11:22:56 Syslog.Warning localhost Keep-alive message
2013-08-14 11:23:56 Syslog.Warning localhost Keep-alive message
2013-08-14 11:24:56 Syslog.Warning localhost Keep-alive message
2013-08-14 11:25:56 Syslog.Warning localhost Keep-alive message
2013-08-14 11:26:57 Syslog.Warning localhost Keep-alive message
2013-08-14 11:27:58 Syslog.Warning localhost Keep-alive message
2013-08-14 11:28:58 Syslog.Warning localhost Keep-alive message
2013-08-14 11:29:58 Syslog.Warning localhost Keep-alive message
2013-08-14 11:30:58 Syslog.Warning localhost Keep-alive message
2013-08-14 11:31:58 Syslog.Warning localhost Keep-alive message
2013-08-14 11:32:58 Syslog.Warning localhost Keep-alive message
2013-08-14 11:33:58 Syslog.Warning localhost Keep-alive message
2013-08-14 11:34:58 Syslog.Warning localhost Keep-alive message
Did you modify the scripts at all? And if so, can you post your current copy of the scripts?
Also, are you sure the output above is coming from the script and not somewhere else?
And are you receiving all of those messages via one e-mail or multiple e-mails?
Last but not least... can you screenshot your rule setup for these scripts?
