I'm having issues getting the Orion v8.5.1 Syslog Service to include the hostname of a device in the email alerts that it forwards. I have tried contacting EMEA support directly about this, but they weren't able to provide a solution.
We want the syslog service to work in the same way that Cisco Works does, and include the hostname of a device in the subject of an email alert:
I have created various syslog alert types, config changes, EIGRP neighbour changes, BGP neighbour changes etc., and added alert actions to send an email using the following macros:
Subject:
Configuration Change: ${DNS} - ${IP}
Message:
Timestamp: ${DateTime}
Message Type: ${MESSAGETYPE}
Message: ${MESSAGE}
This doesn't work. The email that is sent displays the IP address of the originating device twice, once for the ${DNS} macro and once for the ${IP} macro.
I have also tried using the ${Hostname} macro with the same results. Some of our kit is in DNS, some is in a local hosts file. I get the same results with both.
However, when I view the Syslog Viewer on the Orion server, the DNS column is being correctly propogated with the originating device's hostname, whether it's in DNS or the local hosts file.
So, is this a timing thing? Is it sending the email before it has had a chance to get the hostname from DNS?
Why does it work in the Syslog Viewer, but not in the Email Alert?
I am aware of the option to use the command on cisco devices to include the hostname in the message, but this doesn't help, as it is just included in the message itself, therefore the only way of having the originating device's hostname displayed in the email subject, would be to have the entire syslog messge in the subject (using the ${MESSAGE} macro), not ideal.
Anyone got any ideas???
Thanks
Surely this is possible? Seems pretty useless to me without this ability.
