Open for Voting
over 1 year ago

Build Your Own Syslog Connectors

I have a lot of devices that can send syslogs to LEM; however, often there aren't connectors for those logs.  I would love to see a small development environment for creating your own syslog connectors.  I imagine two different ways this could be implemented...

The first method would allow you to look at the raw syslogs, highlight the different sections and drag them over to the set of normalized data fields to basically teach the new connector which sections of the syslog message would be normalized into the different data parts.

The second method would be to publish a Regular Expression that could then be used to match the different sections of the message and equate them to the different normalized data parts.

I think the first method would be much more user friendly and be more in line with how SolarWinds has done things in other products.
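The second method described above, sketched as an added example that is not part of the original post and not SolarWinds connector code: each named regex group is the normalized field it fills, and lines that match no rule are kept so a broken connector is visible. The `authd` message format, the rule names and the field names are hypothetical, constructed for this illustration.

```python
import re

# RFC 3164-style header: <PRI>Mmm dd hh:mm:ss host message
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<body>.*)$"
)

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Hypothetical device rules. Patterns are anchored and use bounded
# quantifiers so a hostile log line cannot trigger heavy backtracking.
BODY_RULES = [
    ("UserLogonFailure", re.compile(
        rf"^authd\[\d+\]: login failed user=(?P<user>\S{{1,64}}) src=(?P<source_ip>{IPV4})$")),
    ("UserLogon", re.compile(
        rf"^authd\[\d+\]: login ok user=(?P<user>\S{{1,64}}) src=(?P<source_ip>{IPV4})$")),
]

def normalize(line):
    """Return a dict of normalized fields, or None if the line is not understood."""
    head = HEADER.match(line)
    if head is None or int(head["pri"]) > 191:  # PRI = facility * 8 + severity
        return None
    pri = int(head["pri"])
    event = {"facility": pri >> 3, "severity": pri & 7,
             "timestamp": head["timestamp"], "host": head["host"]}
    for event_type, rule in BODY_RULES:
        m = rule.match(head["body"])
        if m:
            event["event_type"] = event_type
            event.update(m.groupdict())  # named groups become normalized fields
            return event
    return None

def run_connector(lines):
    """Split input into normalized events and raw lines no rule matched."""
    events, unparsed = [], []
    for line in lines:
        event = normalize(line.rstrip("\n"))
        if event is None:
            unparsed.append(line)  # keep the raw line: a rising count means the format changed
        else:
            events.append(event)
    return events, unparsed

# Constructed sample input; the third line has no rule and lands in `unparsed`.
SAMPLE = [
    "<38>Mar  4 09:15:02 fw01 authd[211]: login failed user=alice src=10.0.0.7",
    "<38>Mar  4 09:15:09 fw01 authd[211]: login ok user=alice src=10.0.0.7",
    "<38>Mar  4 09:16:00 fw01 authd[211]: session closed user=alice",
]
```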

  • Hello, I think this needs to be revisited, as the need for the connector is becoming even greater as Covid has allowed work from home to become the new norm.

    I have three requests linked to connectors that would benefit all customers of SolarWinds.

    1) Simple documentation of what each connector parses will help us as customers develop rules to meet our needs.  It also allows us to know if a connector breaks because we are missing information.

    2) I understand most of the connectors are regex-based code, but telling users the regex used would assist in fixing problems when new versions are released.

    3) Release an open regex connector as a beta where customers can test the connectors they build.  As a customer, I would understand that this connector would not be supported by SolarWinds, but it would help us fill the gap temporarily until an official connector could be released.

  • Hi Team. Is there any news on this request? This is a very desirable feature!

  • Is there an API for the connector so that we could develop something in-house to allow us to connect to logs that are not already built-in? (in this case to SQLAuditor.exe).

  • And I found out a new trick from support as well... if you create a realtime filter in the regular area you can then open it up in the new HTML5 interface and from there you can change the timeframe on the filter... BAM just like that it's not only realtime now!