2 Replies Latest reply on Nov 20, 2019 9:46 AM by luca.vidali

    Kiwi Syslog - replace string on alert

    luca.vidali

      Hi All,

      I would like to create an alert (using Kiwi Syslog server) on a syslog message if an OSPF adjacency goes down, but I prefer to add (or replace) the neighbor (in this example 172.31.0.136) with a custom string.

       

      Nov 18 10:27:40: %OSPF-5-ADJCHG: Process 1, Nbr 172.31.0.136 on GigabitEthernet1/0/23 from FULL to DOWN, Neighbor Down: Interface down or detached

       

      Any ideas if it's possible and how?

      Many thanks!

      Luca

        • Re: Kiwi Syslog - replace string on alert
          kstone

          It is definitely possible.  The easiest case is you have a single neighbor IP address and replace it with the same string each time.  There is a good example of this in the example scripts in the app directory.  The script name is 'Script_replaceText.txt'.  The default language for KSS is VBScript, so you can create scripts to manage most things.

           

          More complex is having multiple KNOWN neighbors and strings to replace them with. You can manage this a couple of ways:

          An 'if' statement for each possibility:

          ------

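          ' InStr returns the match position (0 = not found); Replace returns a new string, so assign it back
          If InStr(Fields.VarCleanMessageText, "<IP Address 1>") > 0 Then
              Fields.VarCleanMessageText = Replace(Fields.VarCleanMessageText, "<IP Address 1>", "<Hostname 1>")
          End If

          If InStr(Fields.VarCleanMessageText, "<IP Address 2>") > 0 Then
              Fields.VarCleanMessageText = Replace(Fields.VarCleanMessageText, "<IP Address 2>", "<Hostname 2>")
          End If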

          ------

          You can also use 'case' statements to do the same thing.

            • Re: Kiwi Syslog - replace string on alert
              luca.vidali

              Hi Kstone,

              Yes, exactly, I would like to search for more peers.

              For this reason today I worked on a script (VB Script) and it works.

              Basically the script does these things:

              1) extract the neighbor IP from the log and save it in a variable (obviously I filter the log using a KSS filter in order to match only the OSPF neighbor up/down events)

              2) Then the script searches for the IP in a CSV file where the first column has the nbr IP and the second column has the value that I would like to save in a variable (varcustom) that is printed out in the alert email

               

              This is the script (I only have to manage the case that the nbr IP is not listed.. new peer.. but this is simple, I'll do it tomorrow):

               

              Function Main()
                  'Kiwi Syslog exposes the message fields through the Fields object
                  strSyslog = Fields.VarRawMessageText
                  Set objRE = New RegExp

                  'Extract Neighbor IP (the first IPv4-looking string in the message)
                  With objRE
                      .Pattern    = "\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b"
                      .IgnoreCase = True
                      .Global     = False
                  End With

                  Set objMatch = objRE.Execute( strSyslog )

                  'Set the variable varIP with the neighbor IP to parse the file
                  If objMatch.Count = 1 Then
                      varIP = objMatch.Item(0).Value
                  End If

                  Const ForReading = 1

                  'Create the file system object
                  Set fso = CreateObject("Scripting.FileSystemObject")

                  'Open the source file to read it
                  Set ts = fso.OpenTextFile("C:\temp\codifica.csv", ForReading)

                  'Read the file line by line
                  Do While Not ts.AtEndOfStream
                      strLine = ts.ReadLine
                      'Split the line on the comma into an array
                      strValues = Split(strLine, ",")
                      'Skip blank or one-column lines, which would raise a subscript error
                      If UBound(strValues) >= 1 Then
                          'Check if the neighbor IP matches
                          If strValues(0) = varIP Then
                              'Store the second column in the custom field used by the alert email
                              Fields.VarCustom01 = strValues(1)
                              'Exit the loop
                              Exit Do
                          End If
                      End If
                  Loop

                  'Close the file
                  ts.Close

                  'Clean up
                  Set ts = Nothing
                  Set fso = Nothing

                  Main = "OK"
              End Function

               

               

              Thanks!
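
The following is an added example, not part of either post and not SolarWinds' own code: a variant of the lookup that takes the address following "Nbr" rather than the first IP in the message, rejects octets above 255, and labels a neighbor missing from the CSV as unlisted so a new peer stands out in the alert. It assumes the script runs as a Kiwi Syslog "Run Script" action with the Fields object available and write access to VarCustom01; ExtractNeighbor, LookupLabel and CSV_PATH are hypothetical names, and the CSV path is the one used in the post.

```vbscript
' Added example for a Kiwi Syslog Run Script action; helper names are hypothetical.
Const CSV_PATH = "C:\temp\codifica.csv"   ' path taken from the post above

Function Main()
    Dim nbrIP, label
    nbrIP = ExtractNeighbor(Fields.VarRawMessageText)
    If nbrIP = "" Then
        label = "no OSPF neighbor found in message"
    Else
        label = LookupLabel(CSV_PATH, nbrIP)
        If label = "" Then label = "UNLISTED peer " & nbrIP
    End If
    Fields.VarCustom01 = label
    Main = "OK"
End Function

' Return the address that follows "Nbr", or "" if absent or not a valid IPv4.
Function ExtractNeighbor(msg)
    Dim re, m, octet
    ExtractNeighbor = ""
    Set re = New RegExp
    re.Pattern = "\bNbr\s+((?:\d{1,3}\.){3}\d{1,3})\b"
    re.IgnoreCase = True
    Set m = re.Execute(msg)
    If m.Count = 0 Then Exit Function
    For Each octet In Split(m(0).SubMatches(0), ".")
        If CInt(octet) > 255 Then Exit Function
    Next
    ExtractNeighbor = m(0).SubMatches(0)
End Function

' Return column 2 of the first CSV row whose column 1 equals ip, else "".
Function LookupLabel(path, ip)
    Dim fso, ts, cols
    LookupLabel = ""
    Set fso = CreateObject("Scripting.FileSystemObject")
    If Not fso.FileExists(path) Then Exit Function
    Set ts = fso.OpenTextFile(path, 1)    ' 1 = ForReading
    Do While Not ts.AtEndOfStream
        cols = Split(ts.ReadLine, ",")
        If UBound(cols) >= 1 Then         ' skip blank or one-column rows
            If Trim(cols(0)) = ip Then
                LookupLabel = Trim(cols(1))
                Exit Do
            End If
        End If
    Loop
    ts.Close
End Function
```

The label is plain text taken from a file the administrator controls, so the alert email only ever carries either a CSV value or the validated dotted-quad address.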