3 Replies Latest reply on Jul 7, 2008 8:17 AM by odelay

    Syslog alerts and DNS

      I'm having issues getting the Orion v8.5.1 Syslog Service to include the hostname of a device in the email alerts that it forwards. I have tried contacting EMEA support directly about this, but they weren't able to provide a solution.

      We want the syslog service to work in the same way that Cisco Works does, and include the hostname of a device in the subject of an email alert:

      I have created various syslog alert types, config changes, EIGRP neighbour changes, BGP neighbour changes etc., and added alert actions to send an email using the following macros:


      Configuration Change: ${DNS} - ${IP}


      Timestamp: ${DateTime}

      Message Type: ${MESSAGETYPE} 

      Message: ${MESSAGE}

      This doesn't work. The email that is sent displays the IP address of the originating device twice, once for the ${DNS} macro and once for the ${IP} macro.

      I have also tried using the ${Hostname} macro with the same results. Some of our kit is in DNS, some is in a local hosts file. I get the same results with both.

      However, when I view the Syslog Viewer on the Orion server, the DNS column is being correctly propagated with the originating device's hostname, whether it's in DNS or the local hosts file.

      So, is this a timing thing? Is it sending the email before it has had a chance to get the hostname from DNS?

      Why does it work in the Syslog Viewer, but not in the Email Alert?

      I am aware of the option to use the command on Cisco devices to include the hostname in the message, but this doesn't help, as it is just included in the message itself. Therefore the only way of having the originating device's hostname displayed in the email subject would be to have the entire syslog message in the subject (using the ${MESSAGE} macro), which is not ideal.

      Anyone got any ideas???



      Surely this is possible? Seems pretty useless to me without this ability.

        • Re: Syslog alerts and DNS

          Might try just using ${NodeName}

          If that does not give the desired effect, then try this...

          ${SQL: Select Nodes.SysName FROM Nodes WHERE Nodes.NodeID = ${NodeID}}

          Hope one of those works for you.

            • Re: Syslog alerts and DNS

              Thanks, but unfortunately not.

              Also tried ${SQL: Select Nodes.SysName FROM Nodes WHERE Nodes.IP_Address = ${IP}}, as ${NodeID} is not a valid variable in the Syslog Server, but ${IP} is.

                • Re: Syslog alerts and DNS

                  Anyone got any further thoughts on this? Or could I get some response from the SW admins?

                   It seems this has been ignored in v9 again. So the functionality of sending email alerts for syslog messages is essentially useless, unless you know the IP address of every device on your network.

                  This is obviously a bug, as the "DNS" field in the syslog server is getting correctly propagated with the hostnames of devices, but the ${DNS} macro does not work when sending the alert as an email. Can I get some confirmation that this is a known bug, and some idea of when it will be fixed, or we will need to start looking at alternative solutions.