This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.

You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Kiwi Syslog - replace string on alert

luca.vidali over 4 years ago

Hi All,

I would like to create an alert (using Kiwi Syslog server) on a syslog message if an OSPF adjacency goes down, but I prefer to add (or replace) the neighbor (in this example 172.31.0.136) with a custom string.

Nov 18 10:27:40: %OSPF-5-ADJCHG: Process 1, Nbr 172.31.0.136 on GigabitEthernet1/0/23 from FULL to DOWN, Neighbor Down: Interface down or detached

Any ideas if it's possibile and how?

Many thanks!

Luca

Top Replies

kstone over 4 years ago +2

It is definitely possible. The easiest case is you have a single neighbor IP address and replace it with the same string each time. There is a good example of this in the example scripts in the app directory…

0 kstone over 4 years ago

It is definitely possible. The easiest case is you have a single neighbor IP address and replace it with the same string each time. There is a good example of this in the example scripts in the app directory. The script name is 'Script_replaceText.txt'. The default language for KSS is VBscript so you can create scripts to manage most things.
More complex is having multiple KNOWN neighbors and strings to replace them with. You can manage this a couple of ways:
An 'if' statement for each possibility:
------
if instr(Fields.VarCleanMessageText), <IP Address 1> then
replace(Fields.VarCleanMessageText, <IP Address 1>, <Hostname1>)
end if
if instr(Fields.VarCleanMessageText), <IP Address 2> then
replace(Fields.VarCleanMessageText, <IP Address 2>, <Hostname 2>)
end if
------
You can also use 'case' statements to do the same thing.
Cancel
Vote Up +2 Vote Down

Cancel
0 luca.vidali over 4 years ago in reply to kstone

Hi Kstone,
yes exactly I would like to search more peer.
For this reason today I worked on a script (VB Script) and it works.
Basically the script do this things:
1) extract the neighbor IP from the log and save it on a variable (obviusly I filter the log using KSS filter in order to match only the ospf neighbot up/down events)
2) Then the script search the IP in a CSV file where on the first column I have the nbr IP and in the second column the value that I would like to save in a variable (varcustom) that print out in the alert email
This is the script (i have only to manage the case the the nbr IP is not listed.. new peer.. but this is simple, I'll do it tomorrow) :
Function Main()
strSyslog = VarRawMessageText
Set objRE = New RegExp
'Extract Neighbor IP
With objRE
    .Pattern    = "\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b"
    .IgnoreCase = True
    .Global     = False
End With
Set objMatch = objRE.Execute( strSyslog )
'Set the Variabe varIP with the neighbor IP to parse the file
If objMatch.Count = 1 Then
    varIP = objMatch.Item(0)
End If
Const ForReading = 1
'Create the file system object
Set fso = CreateObject("Scripting.FileSystemObject")
'Open the source file to read it
set ts = fso.OpenTextFile("C:\temp\codifica.csv",ForReading)
'Read the file line by line
Do while not ts.AtEndOfStream
strLine = ts.ReadLine
'Split the line on the comma into an array
strValues = Split(strLine, ",")
'Check if the dq number matches
If strValues(0) = varIP Then
'Get the other values you need
varCustom01 = strValues(1)
'Exit the loop
Exit Do
End If
Loop
'Close the file
ts.Close
'Clean up
Set ts = Nothing
Set fso = Nothing
Main = "OK"
End Function
Thanks!
Cancel
Vote Up 0 Vote Down

Cancel