Community
Command Central
MVP Program
Monthly Mission
Blogs
Groups
Events
Media Vault
Products
Observability
Network Management
Application Management
IT Security
IT Service Management
System Management
Database Management
Content Exchange
SolarWinds Platform
Server & Application Monitor
Database Performance Analyzer
Server Configuration Monitor
Network Performance Monitor
Network Configuration Manager
SQL Sentry
Web Help Desk
Free Tools & Trials
Store
Home
Products
Network Performance Monitor (NPM)
Syslog Filtering
BryanBecker
I upgraded to 7.7 last night and I'm very happy with the syslog server and it being integrated with the server. I need some help/input. We log alot of ACL denies. I would say 95% of the logs are those ACL denies. While they are useful we don't want them to fill up the viewer and possibly hide a message we really need to look at. What I'd like to do is create a view filter that can be used when needed. Basically have a filter that shows all syslogs except those ACL denies. Now I don't want them to be deleted, I just want to be able to view everything but those. And if something does come up and I need to see the ACL denies then I can unselect the view filter and get all logs again.
If this "view filter" is not available in this version it would be a great thing to have to help sort through tons of messages.
Thanks.
BB
Find more posts tagged with
Accepted answers
All comments
BK
Hey Bryan,
The magic character you are needing is !
Just change the search message pattern to
!*[Dd]eny*
That will list all messages that do NOT contain Deny or deny
I am not sure if you are using the Syslog Viewer application or the web site. The search critiera listed above will work with either. If you are using the Syslog Viewer application, create a new Search Messages windows, and put in the above critiera. You can then set the screen to auto refresh every x seconds.
If you didn't know this, you can bring up multiple search windows, and and using the mouse, click down and drag the tab at the top of the window and split the application screen. This would allow you to have two more more panels open, each upating on different search critera. There is also a button that looks like sargent strips in the upper left of the search critera window that will let you collaps the criteria area of the screen so you can see more messages.
Hope this helps. Reply if you need more.
BK
Nobody Special
BryanBecker
Thanks BK....this is a workaround for us. We use the syslogs off the Orion site now and not worry about logging into the server it self. It would be nice if we could write our our "view filters" and have them as a drop down option on the site or even in the application itself.
Thansk again.
BB
BK
Just checking here, because I am not sure if you already know this...
On the Last XX Syslog Messages Web Resource you can configure a view filter by clicking on the "Edit Resource" Icon, on the upper right part of the title bar on the resource. On the Filter, you could then specify
Message NOT LIKE '*[Dd]eny*'
as the filter.
If you creating a new Custom Summery Resource, and added the Last XX Syslog Messages, syslog messages about all nodes are displayed. Using the Edit Resource, you could limit this to only messages without Deny as described above.
By then clicking on the Syslog on the menu bar, it would take you
to an unfiltered view, or you could put multiple Last XX Syslog Messages on the same Summary View with different fitler criters.
OK, not a snazy as you are looking for, but it does allow you to define a filter view.
BK
Nobody Special
BryanBecker
BK...I tired both ur suggestions. Like u said it isn't snazy but it works. I think it would be real nice and easy to do is create these view filters and just have a drop-down box to use them.
Thanks again.
BB
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Help
Best Of
