How to discard unwanted syslog events in Smarts?
Receive certain syslog messages in Smarts.
Can a user specify which syslog messages to receive in Smarts SAM?
How does a user disable syslog logging, or at least set a different facility/priority?
Smarts - 10.1.x
To discard unwanted syslog messages, open the my_hook_syslog.asl file with sm_edit:
<BASEDIR>/SAM/smarts/bin/sm_edit rules/icoi-syslog/my_hook_syslog.asl
Then, for the messages you want to discard, set
DISCARD = "TRUE"
in the my_hook_syslog.asl file. You can choose to discard syslog messages based on EVENTTEXT, APPLICATION_NAME, HOST, EVENTNAME and other attributes, depending on your requirements. See the following "Example" section for more details.
Example my_hook_syslog.asl file to discard messages containing "Non Network" and "Cisco" in EVENTTEXT:
The following my_hook_syslog.asl file example contains two "If" statements that would be used to discard messages where EVENTTEXT contains the word "Non Network" and "Cisco". You can add as many If statements as you require for each unwanted syslog message/event.
Note: Do not modify the DISCARD value at the beginning of the my_hook_syslog.asl file. This DISCARD value must remain FALSE as shown in the following, or no syslog events will be received at all.
MODIFY_ATTRIBUTES {
} do {
    // Default: keep every message. Leave this value as FALSE.
    DISCARD = "FALSE";
    CLEAR_SYSLOG = "FALSE";
    BATCH_NOTIFY_INTERVAL = 10;
    CLASSNAME = "Syslog" ? LOG;
    INSTANCENAME = HOST."_".APPLICATION_NAME."_".PROCESS_ID ? LOG;
    EVENTNAME = slice ? LOG;
    SEVERITY = "2" ? LOG;
    EVENTTEXT = MESSAGE ? LOG;
    CATEGORY = "" ? LOG;
    EXPIRATION = "7200" ? LOG;
    STATE = "NOTIFY" ? LOG;
    INMAINTENANCE = "FALSE" ? LOG;
    CLEARONACKNOWLEDGE = "TRUE" ? LOG;
    EVENTTYPE = "DURABLE" ? LOG;
    USERDEFINED1 = "" ? LOG;
    USERDEFINED2 = "" ? LOG;
    USERDEFINED3 = "" ? LOG;
    USERDEFINED4 = "" ? LOG;
    USERDEFINED5 = "" ? LOG;
    USERDEFINED6 = "" ? LOG;
    USERDEFINED7 = "" ? LOG;
    USERDEFINED8 = "" ? LOG;
    USERDEFINED9 = "" ? LOG;
    USERDEFINED10 = "" ? LOG;
    ELEMENTCLASSNAME = "Host";
    ELEMENTNAME = HOST;
    SYSNAMEORADDR = HOST;
    UNKNOWNAGENT = "IGNORE";
    LOGFILE = "NONE";
    // Discard any message whose EVENTTEXT contains "Non Network".
    if ( glob("*Non Network*", EVENTTEXT) ) {
        DISCARD = "TRUE";
    }
    // Discard any message whose EVENTTEXT contains "Cisco".
    if ( glob("*Cisco*", EVENTTEXT) ) {
        DISCARD = "TRUE";
    }
}
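A dry run of the two discard patterns above over sample events shows what a broad pattern such as "*Cisco*" removes before the rule is deployed. This is an added example, not part of the original article or of Smarts: the sample events are constructed, the helper names are hypothetical, and Python's fnmatchcase is assumed to behave like the ASL glob() call for these simple, case-sensitive "*" patterns.

```python
from fnmatch import fnmatchcase

# (attribute, pattern) pairs; these two mirror the If statements in the article.
DISCARD_RULES = [
    ("EVENTTEXT", "*Non Network*"),
    ("EVENTTEXT", "*Cisco*"),
]

# Constructed sample events (not real logs).
SAMPLE_EVENTS = [
    {"HOST": "rtr-edge-01", "APPLICATION_NAME": "sshd",
     "EVENTTEXT": "Failed password for admin from 192.0.2.10"},
    {"HOST": "sw-core-02", "APPLICATION_NAME": "snmpd",
     "EVENTTEXT": "Non Network device heartbeat"},
    {"HOST": "rtr-edge-01", "APPLICATION_NAME": "aaa",
     "EVENTTEXT": "Cisco IOS login failure for user admin"},
    {"HOST": "fw-dmz-01", "APPLICATION_NAME": "kernel",
     "EVENTTEXT": "cisco vendor string in lowercase"},
]


def matching_rule(event, rules=DISCARD_RULES):
    """Return the first (attribute, pattern) that would discard the event, else None."""
    for attribute, pattern in rules:
        # Assumption: case-sensitive wildcard match, like the glob() in the hook file.
        if fnmatchcase(event.get(attribute, ""), pattern):
            return (attribute, pattern)
    return None


def dry_run(events, rules=DISCARD_RULES):
    """Split events into those kept and those a rule would discard."""
    kept, dropped = [], []
    for event in events:
        rule = matching_rule(event, rules)
        if rule is None:
            kept.append(event)
        else:
            dropped.append((event, rule))
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = dry_run(SAMPLE_EVENTS)
    for event, (attribute, pattern) in dropped:
        print(f"DISCARD {event['HOST']}: {event['EVENTTEXT']!r} ({attribute} ~ {pattern})")
    for event in kept:
        print(f"KEEP    {event['HOST']}: {event['EVENTTEXT']!r}")
```

In this sample the login-failure message from rtr-edge-01 is discarded only because its text contains "Cisco", which is the kind of side effect to look for before adding a pattern to the hook file.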