2 Replies Latest reply on Feb 25, 2013 1:16 AM by RichardLetts

    syslog parsing: associating messages with the source node not the syslog forwarder

    RichardLetts

      We have thousands of network devices all logging to a set of central syslog servers.

       

      I can get the messages forwarded from the syslog servers, but they all appear to be associated with the server, rather than with the device having the problem, e.g.:

       

      7/30/2012 1:27:54 PMcompassNoticefpc2/68.179.203.72 MIC(2/3) link 4 SFP receive power low  alarm set
      7/30/2012 1:27:52 PMcompassError68.179.204.0/68.179.204.0 rpd[1418]: bgp_connect_start: connect 2607:fa78::c (Internal AS 10430): No route to host

       

      Is there a way to configure the syslog service to parse out the IP address and associate these with the correct device (rather than the syslog server), or am I going to have to update the configurations of the network devices to log to NPM directly.

       

      Thanks

       

      /RjL