I have a lot of devices that can send syslogs to LEM; however, often there aren't connectors for those logs. I would love to see a small development environment for creating your own syslog connectors. I imagine two different ways this could be implemented...
The first method would allow you to look at the raw syslogs, highlight the different sections and drag them over to the set of normalized data fields to basically teach the new connector which sections of the syslog message would be normalized into the different data parts.
The second method would be to publish a Regular Expression that could then be used to match the different sections of the message and equate them to the different normalized data parts.
I think the first method would be much more user-friendly and be more in line with how SolarWinds has done things in other products.