Reason for the Error executing command: syslog.
Incident Persister logs:
Sep 13, 2012 10:06:18 AM (SEVERE) Thread: 20 [com.vontu.command.CommandRuntime.execute] Error executing command: syslog
com.vontu.command.CommandException: Unable to write to syslog: host=xxxx, port=514
at com.vontu.incidenthandler.command.enforce.SyslogLogger.execute(SyslogLogger.java:128)
at com.vontu.command.CommandRuntime.execute(CommandRuntime.java:776)
at com.vontu.command.CommandRuntime.executeInstructions(CommandRuntime.java:759)
at com.vontu.command.CommandRuntime.executeCommands(CommandRuntime.java:676)
at com.vontu.command.CommandRuntime.access$000(CommandRuntime.java:61)
at com.vontu.command.CommandRuntime$CommandExecutor.run(CommandRuntime.java:1136)
at edu.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:728)
at java.lang.Thread.run(Thread.java:662)
Caused by: com.vontu.util.syslog.SyslogException: Syslog message to large: size: 1540 MAX_MESSAGE_SIZE: 1460
at com.vontu.util.syslog.SyslogMessage.makeBytes(SyslogMessage.java:141)
at com.vontu.util.syslog.SyslogMessage.<init>(SyslogMessage.java:24)
at com.vontu.util.syslog.Syslog.syslog(Syslog.java:45)
at com.vontu.incidenthandler.command.enforce.SyslogLogger.execute(SyslogLogger.java:107)
The maximum message limit for the syslog server notifications is 1024 characters. If the custom attributes are being used then the probability for the message to violate that limit is on a higher side.
Based on the above logs we can suggest the customer to go for the fixed content attributes method. For more information on the Syslog notification you may refer to KB TECH221783 - Syslog Notification Fails to Send.
If that is not possible please refer to the below Product Enhancement Request.
Enhancement Request "PM-1649".
It is to Add configuration setting to allow sending syslog messages over 1024 characters which is the standard max allowed.