Syslog alerts: how to display message and populate variables/custom properties

Hi all,

I need to integrate NAC management software to send alarms/events to SolarWinds. I added only the NAC management node to SolarWinds - not the NAC appliances themselves. All alarming is produced by the management solution, and I managed to have it send these alarms to SolarWinds using Syslog. Using the alarm manager, I can configure custom SQL conditions within the trigger conditions that trigger on specific content of each Syslog message - that works great.

The challenge I have is that the alert will currently only display a static alert name, description and severity level and will show me the node which triggered the event. In my case that is not enough, as the node will always be that management system, but I need to display the proper source of the event, which could often be a specific NAC appliance which happened to report an issue. What would be a good way to achieve this?

I tried to define an action which would log a new event which can contain variables from that Syslog message, but I could not find a variable that would give me the full Syslog message text - that text would contain details about the original source device. Even better would be to have variables or custom properties I could dynamically fill with data from the Syslog message. But I guess there is no regex engine that I could use to grep parts of a Syslog message and populate it into a custom field/property/variable?

Thanks a lot in advance for helping me,

Kurt