Hi:
I have been managing the Netcool/IBM product. Recently we have also implemented Cacti in our environment.
I receive following syslog message from Cacti server
Nov 22 13:32:17 [<IP>] localhost CactiTholdLog[16164]: ME344XD28101 - Active Calls [snmp_oid] went above threshold of 20 with 23 at trigger 1 out of 1 - http://<IP>//graph.php?local_graph_id=176&rra_id=all
But the syslog probe is expecting the message in different format like:
Nov 22 15:08:08 ME538XC35602 65989: Nov 22 15:08:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/21, changed state to up
When I turn on debug mode, the process not going to any rules file and failing before itself.
How do we change the syslog message format at the Cacti server side before sending the message to Netcool server.
Thank You
Ramesh Vasudevan
Netcool rules for Cacti TholdLog syslog message
Moderators: Developers, Moderators
-
rameshbalajiv
- Posts: 6
- Joined: Tue Nov 22, 2011 3:02 pm
-
TheWitness
- Developer
- Posts: 17047
- Joined: Tue May 14, 2002 5:08 pm
- Location: MI, USA
- Contact:
Re: Netcool rules for Cacti TholdLog syslog message
Why are you double posting?
True understanding begins only when we realize how little we truly understand...
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Life is an adventure, let yours begin with Cacti!
Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages
For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
-
rameshbalajiv
- Posts: 6
- Joined: Tue Nov 22, 2011 3:02 pm
Re: Netcool rules for Cacti TholdLog syslog message
Sir:
I have posted this message, as I thought it's specific to the Thold plug-in and thought I can reach appropriate audiance.
Thank You
Ramesh Vasudevan
I have posted this message, as I thought it's specific to the Thold plug-in and thought I can reach appropriate audiance.
Thank You
Ramesh Vasudevan
-
rameshbalajiv
- Posts: 6
- Joined: Tue Nov 22, 2011 3:02 pm
Re: Netcool rules for Cacti TholdLog syslog message
All:
I have updated the existing cisco syslog probe rules file to display the Cacti syslog message as follows:
# Added following rules to process and resolve Cacti Threshold Messages
default:
if(regmatch($Token6, "^CactiTholdLog"))
{
log(DEBUG, "<<<<< Entering... after CactiTholdlog found >>>>>")
@Node = $Token7
@NodeAlias = $Token7
@AlertGroup = "Cacti Threshold Log"
@AlertKey = ""
$Message = ltrim(rtrim(extract($Details, "- (.*)$")))
@Summary = $Message
if(regmatch($Message,"^Active Calls"))
{
@Severity = 2
}
if(regmatch($Message, "^CPU"))
{
if(match($Token11, "restored"))
{
@Severity = 2
}
if(match($Token12, "above"))
{
@Severity = 5
}
}
if(regmatch($Message, "^Traffic"))
{
if(match($Token15, "restored"))
{
@Severity = 2
}
if(match($Token16, "above"))
{
@Severity = 5
}
}
@Type = 1
@Identifier = @Node + " " + @AlertGroup + " " + @Manager + " " + $Details
details($*)
log(DEBUG, "<<<<< Leaving... leaving CactiTholdlog found >>>>>")
log(WARNING, "<<<<< Leaving... leaving CactiTholdlog found >>>>>")
}
else
{
#discard
@AlertGroup = "[Generic Syslog]"
@AlertKey = ""
@Summary = $Details
@Severity = 2
@Type = 1
@Identifier = @Node + " " + @AlertGroup + " " + @Manager + " " + $Details
details($*)
}
}
}
$OS_LocalNodeAlias = @Node
}
Recycle netcool syslog probe.
Hope this helps.
Thank You
Ramesh Vasudevan
I have updated the existing cisco syslog probe rules file to display the Cacti syslog message as follows:
# Added following rules to process and resolve Cacti Threshold Messages
default:
if(regmatch($Token6, "^CactiTholdLog"))
{
log(DEBUG, "<<<<< Entering... after CactiTholdlog found >>>>>")
@Node = $Token7
@NodeAlias = $Token7
@AlertGroup = "Cacti Threshold Log"
@AlertKey = ""
$Message = ltrim(rtrim(extract($Details, "- (.*)$")))
@Summary = $Message
if(regmatch($Message,"^Active Calls"))
{
@Severity = 2
}
if(regmatch($Message, "^CPU"))
{
if(match($Token11, "restored"))
{
@Severity = 2
}
if(match($Token12, "above"))
{
@Severity = 5
}
}
if(regmatch($Message, "^Traffic"))
{
if(match($Token15, "restored"))
{
@Severity = 2
}
if(match($Token16, "above"))
{
@Severity = 5
}
}
@Type = 1
@Identifier = @Node + " " + @AlertGroup + " " + @Manager + " " + $Details
details($*)
log(DEBUG, "<<<<< Leaving... leaving CactiTholdlog found >>>>>")
log(WARNING, "<<<<< Leaving... leaving CactiTholdlog found >>>>>")
}
else
{
#discard
@AlertGroup = "[Generic Syslog]"
@AlertKey = ""
@Summary = $Details
@Severity = 2
@Type = 1
@Identifier = @Node + " " + @AlertGroup + " " + @Manager + " " + $Details
details($*)
}
}
}
$OS_LocalNodeAlias = @Node
}
Recycle netcool syslog probe.
Hope this helps.
Thank You
Ramesh Vasudevan
Who is online
Users browsing this forum: No registered users and 0 guests