Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Pull info from syslog message under log viewer to put into alert emails

How do i pull Cisco configuration changes message content from Log Viewer to place it in emails sent to administrators and the event log? I'm new to SWQL and have found the data in Orion.OLM.LogEntry with a wonky SWQL query. I'm looking at making a new variable in Alert Actions but I'm not sure how to proceed here. I think if I add the variable as is, I wouldn't be able to specify the device I'm pulling from?

Or let's say I filter on NodeID? Where would I get that NodeID from in the first place? And what if multiple changes were made on the device? Has anyone ever tried this before?

SELECT TOP 1 LogEntryID, LogEntryTypeID, LogEntryLevelID, NodeID, MessageSourceID, DateTime, MessageDateTime, Message, Level, LevelKey
FROM Orion.OLM.LogEntry
WHERE Level = 'Notice'
AND Message LIKE '%PARSE%'

The messages all have this in common: %PARSER-5-CFGLOG_LOGGEDCMD

Find more posts tagged with

swql query

cisco

Configuration

Accepted answers

All comments

KMSigma.SWI

There's a customer query widget that I build that works on Node Details pages.

Last 100 Logs for a Node - Custom Queries - The Orion Platform - THWACK (solarwinds.com)

Just customize the Message filter to include your specific needs.