Error Code 1807: Summary: Response rule processing execution failed. Detail: Response rule command runtime execution failed.

Article ID: 159680

Products

Symantec Products

Issue/Introduction

Reason for the error "Error executing command: syslog".

Incident Persister logs:

Sep 13, 2012 10:06:18 AM (SEVERE) Thread: 20 [com.vontu.command.CommandRuntime.execute] Error executing command: syslog
com.vontu.command.CommandException: Unable to write to syslog: host=xxxx, port=514
 at com.vontu.incidenthandler.command.enforce.SyslogLogger.execute(SyslogLogger.java:128)
 at com.vontu.command.CommandRuntime.execute(CommandRuntime.java:776)
 at com.vontu.command.CommandRuntime.executeInstructions(CommandRuntime.java:759)
 at com.vontu.command.CommandRuntime.executeCommands(CommandRuntime.java:676)
 at com.vontu.command.CommandRuntime.access$000(CommandRuntime.java:61)
 at com.vontu.command.CommandRuntime$CommandExecutor.run(CommandRuntime.java:1136)
 at edu.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:728)
 at java.lang.Thread.run(Thread.java:662)

Caused by: com.vontu.util.syslog.SyslogException: Syslog message to large: size: 1540 MAX_MESSAGE_SIZE: 1460
 at com.vontu.util.syslog.SyslogMessage.makeBytes(SyslogMessage.java:141)
 at com.vontu.util.syslog.SyslogMessage.<init>(SyslogMessage.java:24)
 at com.vontu.util.syslog.Syslog.syslog(Syslog.java:45)
 at com.vontu.incidenthandler.command.enforce.SyslogLogger.execute(SyslogLogger.java:107)
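To find every occurrence of this failure in an Incident Persister log and see how far each message overshot, the following added example (not Symantec code) scans log text for the exception shown above and reports the size and MAX_MESSAGE_SIZE values exactly as logged. The function name and the second and third sample entries are constructed for illustration.

```python
import re

# Patterns taken from the Incident Persister log excerpt on this page.
HEADER = re.compile(
    r"^(?P<ts>\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \(SEVERE\).*"
    r"Error executing command: syslog\s*$")
TARGET = re.compile(r"Unable to write to syslog: host=(?P<host>[^,]+), port=(?P<port>\d+)")
# "to large" is the product's own spelling in the exception text.
OVERSIZE = re.compile(
    r"Syslog message to large: size: (?P<size>\d+) MAX_MESSAGE_SIZE: (?P<limit>\d+)")

def find_oversize_syslog_failures(log_text):
    """Return one record per syslog command failure whose cause is message size."""
    failures, current = [], None
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:  # a new failure entry starts; drop any entry that had another cause
            current = {"timestamp": m["ts"], "host": None, "port": None}
            continue
        if current is None:
            continue
        m = TARGET.search(line)
        if m:
            current["host"], current["port"] = m["host"], int(m["port"])
            continue
        m = OVERSIZE.search(line)
        if m:
            size, limit = int(m["size"]), int(m["limit"])
            failures.append({**current, "size": size, "limit": limit,
                             "over_by": size - limit})
            current = None
    return failures

# First entry is abbreviated from this page; the other two are constructed.
SAMPLE_LOG = """\
Sep 13, 2012 10:06:18 AM (SEVERE) Thread: 20 [com.vontu.command.CommandRuntime.execute] Error executing command: syslog
com.vontu.command.CommandException: Unable to write to syslog: host=xxxx, port=514
 at com.vontu.incidenthandler.command.enforce.SyslogLogger.execute(SyslogLogger.java:128)
Caused by: com.vontu.util.syslog.SyslogException: Syslog message to large: size: 1540 MAX_MESSAGE_SIZE: 1460
Sep 13, 2012 10:07:02 AM (SEVERE) Thread: 21 [com.vontu.command.CommandRuntime.execute] Error executing command: syslog
com.vontu.command.CommandException: Unable to write to syslog: host=xxxx, port=514
Sep 13, 2012 10:09:40 AM (SEVERE) Thread: 20 [com.vontu.command.CommandRuntime.execute] Error executing command: syslog
Caused by: com.vontu.util.syslog.SyslogException: Syslog message to large: size: 1475 MAX_MESSAGE_SIZE: 1460
"""

if __name__ == "__main__":
    for f in find_oversize_syslog_failures(SAMPLE_LOG):
        print(f"{f['timestamp']}  size={f['size']}  limit={f['limit']}  over by {f['over_by']}")
```

Entries that fail for a reason other than message size, like the second sample entry, are not reported.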

Resolution

The maximum message length for syslog server notifications is 1024 characters. If custom attributes are used, the message is more likely to exceed that limit.

Based on the logs above, suggest that the customer use the fixed content attributes method. For more information on the Syslog notification, refer to KB TECH221783 - Syslog Notification Fails to Send.

If that is not possible, refer to the Product Enhancement Request below.

Enhancement Request "PM-1649".

It requests a configuration setting to allow sending syslog messages longer than 1024 characters, which is the standard maximum allowed.