cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Syslogs in NPM 12.5

Jump to solution

I've just started using NPM 12.5 and I've noticed that Syslog Viewer on the server is no longer available the way it was on the server.

How do I now forward a syslog message in an email? I can set an alert to trigger on a particular syslog but I can't see how to include the actual syslog in that email. Can anyone point me in the right direction?

I also don't seem to have the export button. I am an admin, does anyone know how to make it appear?

pastedImage_0.png

Thanks!

1 Solution

If I'm understanding you correctly, this macro should include the syslog message in the alert body for you:

${N=OLM.AlertingMacros;M=OLMAlertMessage.EventMessage}

View solution in original post

11 Replies
Level 13

Last year, I posted some SQL codes for alerting on Syslog messages, and including the actual syslog message in the alert e-mail. This is the code I used, in case it is of any use to you:

${SQL: SELECT Top 1 Message FROM Syslog WHERE (PATINDEX ('%service recommended%',Message) > 0) AND NodeID=${Nodeid}} 

I like jrouviere's solution "${N=OLM.AlertingMacros;M=OLMAlertMessage.EventMessage}" I will have to see if that works better for my uses too. If you are interested in the post I put up last year, find it at: https://thwack.solarwinds.com/message/394733#394733

Thanks.

Now the only things that are missing is the syslog widget being added to the applicable node screen and being able to receive all syslogs. I have one device that will send 4 syslogs per minute but yet I will only get one of these using this new setup. So far the new setup doesn't work as before.

0 Kudos

wesleykparker​ provided the following SQL code (in another thread) to replace the syslog widget. Thought it would be good to have here as well.

SELECT TOP 100 -- Edit this number for how many messages you want to load to widget (you can modify the widget for how many messages to page)

let.Name AS [Message Type]

,Level AS [Severity]

,TOLOCAL(DateTime) AS [Log Time]

,SUBSTRING(Message,1,100) AS Message -- Edit the last number for how many characters of the message you want to see

,CONCAT('YOURORIONURLHERE','/ui/orionlog/logviewer/now/1hours/',${NodeID},'/syslog') AS _linkfor_Message --Replace YOURORIONURLHERE with the address ex:  'https://orion.abc.com'

FROM Orion.OLM.LogEntry le

JOIN Orion.OLM.LogEntryType let ON le.LogEntryTypeID = let.LogEntryTypeID

WHERE NodeID = '${NodeID}'

--AND le.Message LIKE '%${SEARCH_STRING}%' -- Remove The -- From beginning for the "Search SWQL Query" Box

ORDER BY DATETIME DESC

Anyone got any ideas?

0 Kudos

If I'm understanding you correctly, this macro should include the syslog message in the alert body for you:

${N=OLM.AlertingMacros;M=OLMAlertMessage.EventMessage}

View solution in original post

Can I truncate the message to show just a part of the message? Something like varBinds ${vbData3} ?

Not that I'm aware of. Everywhere I've seen the event messages (such as in the OLM.LogEntry table) they are stored entirely in one field.

I don't know of another mechanism that would parse the message for you in the alert.

0 Kudos

You are a legend!! That's exactly what I needed. I still can't see it though on "insert variable" but either way it works. Thanks for the reply.

I forget exactly how I found it, but the networking guys wanted to see the actual message so we've been using it for a little while, glad it worked!

Level 16

Hi

That is not look like the old Syslog Viewer...

Are you enable the LA o the nodes

pastedImage_0.png

0 Kudos

Yup I've enabled LA on the nodes.

I get all the syslogs appearing in Log Viewer. My issue is, how can I forward one of those syslogs to an email address?

Yes I've set up the alert to send me an email but how do I attach the actual syslog message to my email? This was soooo simple to do in the Syslog Viewer application on the server. Now it looks like it can't be done.

Anyone?

0 Kudos