2 Replies Latest reply on Feb 25, 2013 1:16 AM by RichardLetts

    syslog parsing: associating messages with the source node not the syslog forwarder


      We have thousands of network devices all logging to a set of central syslog servers.


      I can get the messages forwarded from the syslog servers, but they all appear to be associated with the server, rather than with the device having the problem, e.g.:


      7/30/2012 1:27:54 PM  compass  Notice  fpc2/ MIC(2/3) link 4 SFP receive power low  alarm set
      7/30/2012 1:27:52 PM  compass  Error  68.179.204.0/ rpd[1418]: bgp_connect_start: connect 2607:fa78::c (Internal AS 10430): No route to host


      Is there a way to configure the syslog service to parse out the IP address and associate these with the correct device (rather than the syslog server), or am I going to have to update the configurations of the network devices to log to NPM directly?