2 Replies Latest reply on Jul 15, 2011 1:48 AM by Ciag

    Request to make Syslog Alerts actually function


      I know others are having the same issues with Syslog reporting but I need to add my name to the list of dissatisfied users. I am amazed that this basic functionality is so broken. Doesn't everyone archive important syslog information?

      I am attempting to archive syslog information to file using Orion NPM. To help automate this task I tried to return date and time information via Syslog Variables and incorporate that information in the alert to create the destination file name and directory based on the date on which the syslog information was received.

      For example, I would like to configure an Alert Action of ‘Log Message to a File’ as follows:

      Alert Log File - D:\Syslog_Archive\${Year}\${MMM}\${N},${Year}-${DNS}.txt

      Message to Log in File: ${DateTime} SEV:${Severity} ${Hostname} ${Message}

      This should create a nice directory structure with files named and dated based on the reporting device and the date.

      Unfortunately there seem to be a number of issues with use of syslog variables. Below are some examples of the data I am getting back for various variables. For reference, the correct month in the following test results should be 08. The data '35' returned below seems to be the current minute.

      Variable    Returned Data
      ${Date}     8/23/2010
      ${dd}       23
      ${d}        8/23/2010 **
      ${M}        August 23 **
      ${n}        August 23
      ${MM}       35 **
      ${MMM}      35 **
      ${month}    August 23 **
      The items marked with ** are either incorrect or are not returned per the information in the help documentation.

      Some other observations:

      The ${N} variable in the file name is often not resolved and the resultant file name is ${N},2010-hostname.txt rather than August 23, 2010-hostname.txt.

      SolarWinds will create files using the above variables (sort of) but it will not create directories. So using \${Year} or \${MMM} in the directory path does not work unless that directory already exists.

      Does anyone have any sort of a workaround or alternative method for this? I really don't want to use Kiwi when we already have NPM installed.
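
The directory layout the post is after, as an added example that is not part of the original post and is not SolarWinds code: a small Python routine (all function names hypothetical) that derives year and month directories from the receive time, creates them when missing, and reduces the sender-supplied hostname to a safe file-name component. The numeric month directory and the `YYYY-MM-DD-host.txt` file name are assumptions modelled on the poster's template.

```python
import re
import tempfile
from datetime import datetime
from pathlib import Path

# Anything outside this set is replaced, so a hostname can never carry a
# path separator or drive prefix into the archive path.
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def safe_host(hostname: str) -> str:
    """Reduce a sender-supplied hostname to one safe file-name component."""
    cleaned = _UNSAFE.sub("_", hostname).strip(".")
    return cleaned[:64] or "unknown"


def archive_path(root: Path, received: datetime, hostname: str) -> Path:
    """Assumed layout: <root>/<YYYY>/<MM>/<YYYY-MM-DD>-<host>.txt"""
    name = f"{received:%Y-%m-%d}-{safe_host(hostname)}.txt"
    return root / f"{received:%Y}" / f"{received:%m}" / name


def log_message(root: Path, received: datetime, severity: int,
                hostname: str, message: str) -> Path:
    """Append one record, creating the year/month directories if needed."""
    path = archive_path(root, received, hostname)
    path.parent.mkdir(parents=True, exist_ok=True)
    # Collapse embedded line breaks so one message cannot forge extra records.
    text = " ".join(message.splitlines())
    record = (f"{received:%Y-%m-%d %H:%M:%S} SEV:{severity} "
              f"{safe_host(hostname)} {text}\n")
    with path.open("a", encoding="utf-8") as fh:
        fh.write(record)
    return path


if __name__ == "__main__":
    # Constructed sample records written under a throwaway directory.
    root = Path(tempfile.mkdtemp(prefix="Syslog_Archive_"))
    when = datetime(2010, 8, 23, 14, 35, 0)
    for host, msg in [("core-sw1", "Interface Gi0/1 changed state to down"),
                      ("..\\..\\evil", "hostile sender\nforged second line")]:
        print(log_message(root, when, 4, host, msg))
```

The hostname field of a syslog message is set by the sender, which is why it is filtered before it reaches the file system rather than used as received.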