Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Syslog alert macro issues

I am using the syslog alert function to send emails when certain syslog messages come up. It works well, but the macros aren't working right. For example using ${CAPTION} or ${NodeName} is returning the literal text rather than the name of the node. I also notice that the link to the syslog macros that the help button sends you to is a broken link. "">solarwinds.net/.../SysLog_Macros.htm".

Anyone else have these issues?

Barax.

Find more posts tagged with

Accepted answers

All comments

Network_Guru

The Macro help page has been moved.
Unless you are running the latest code - V7.8, you are out of luck using the built-in macro help link.
I asked SW Support about this, and I was told they would not be fixing this.
For those of us not running the latest code, the macro help link can be manually accessed here:

www.solarwinds.net/.../Alert Macros.htm

-=Cheers=-
NG

gbrance

I have the same problem with Macros in Syslog alerts also. I use the same Macro syntax for the Alert under Orion Performance Monitor and it properly populates the field with the nodename our any custom properties for example. However when I use the same syntax in Syslog alert it returns the literal text.

GB

gbrance

I talked to Solar Winds support and these are the only macros that the Syslog server supports.

${Hostname}
${IP}
${DateTime}
${MESSAGETYPE}
${MESSAGE}

I hope that this helps. -GB

ggardner1

Thanks, the hostname variable did the trick!

DonYonce

Syslog Server supports the following Macros :

${HOSTNAME}
${IP}
${FACILITY}
${FACILITYNAME}
${SEVERITY}
${SEVERITYNAME}
${MESSAGETIME}
${TAG} or ${SYSLOGTAG}
${DISCARD}
${MESSAGE}
${MESSAGETYPE}
${NOW}
${UTC}
${DATETIME}
${DATE}
${LONGDATE}
${MEDIUMDATE}
${TIME}
${LONGTIME}
${MEDIUMTIME}
${DOW}
${DAY} or ${D}
${DD}
${ABREVIATEDDOW}
${LOCALDOW}
${MONTH} or ${M}
${MM}
${MMM}
${MONTHNAME} or ${MMMM}
${LOCALMONTHNAME}
${DAYOFYEAR}
${YEAR2}
${YEAR4} or ${YEAR}
${HOUR} or ${H}
${HH}
${N} or ${MINUTE}
${S} or ${SECOND}
${AMPM}

RyanJett

The Syslog Macros web page has been updated and published. Here is the link: http://solarwinds.net/NetPerfMon/Help/AdminGuide/SysLog_Macros.htm

Please contact the [url="mailto:Support@SolarWinds.Net"]SolarWinds Support Team if you have any questions or suggestions.

-Ryan Jett

mgibson

${HOSTNAME} isn't even an option, this is not one of the columns available.

chris.conway

${HOSTNAME} is available in 7.8.5. However, if no DNS server is available to perform a lookup against, the IP address will be used.

Analyser Sales Ltd
SolarWinds Premier Partner
www.asl-solarwinds.co.uk

bcole

Have there been any updates to the variables available in the syslog alerting mechanism? I notice in the Orion syslog viewer, there is a field called "CAPTION", but I can't seem to find any corresponding variable to use in an e-mail alert.

odelay

bcole, the ${CAPTION} variable is taken from the Orion Nodes db, not the Syslog db, and displayed in the Syslog Viewer, but for some reason this macro is not available to use in email alerts, you can only use the syslog specific variables. You could try the ${DNS} or ${HOSTNAME} macros which are available for syslog email alerts. However, I have not been able to get them to correctly. All email alerts just display the IP Address. This is still the case in Orion v9. I believe it is because the action to send the email is completed before the reverse DNS lookup of the sending device's IP Address, and so the server cannot populate email with the hostname quickly enough.

I raised this with Solarwinds support, and their only suggestion was to configure all our network devices to include the hostname in the syslog message that they send (there are cisco IOS & CatOS commands to do this). However, all this means is that the hostname is in the main syslog "message" that is sent. There is no way that the Orion Syslog Server can then pull this hostname alone out of the message. So essentially the only way of displaying the sending devices hostname in the subject of an email, is to use these commands on your Cisco devices, and use the ${MESSAGE} macro in the email subject! i.e. the entire syslog message in the email subject. Needless to say we have not implemented this, as it is far from ideal. We will continue to use CiscoWorks for syslog alerting, either until Solarwinds decide to fix this, or we find an alternative solution.

I'm not holding my breath though! They seem to be more concerned with adding shiny new icons and chart graphics than fixing these far more imperative issues.

bcole

That is what I figured with the $CAPTION. Obviously if Solarwinds is doing the DB lookup now, it shouldn't be too difficult to add.

I tested with the reverse DNS and it does seem to work. I am not thrilled with populating DNS with all the IP addresses for all my network devices.

Thanks for the information.