Discarding unwanted syslog events.
Article ID: 323807

Updated On:

Products

VMware Smart Assurance

Issue/Introduction

Symptoms:

How do you discard unwanted syslog events in Smarts?
Receive certain syslog messages in Smarts.
Can a user specify which syslog messages to receive in Smarts SAM?
How does a user disable syslog logging, or at least set a different facility/priority?

Environment

Smarts - 10.1.x

Resolution

  • Open the my_hook_syslog.asl file for editing using sm_edit as follows:

    <BASEDIR>/SAM/smarts/bin/sm_edit rules/icoi-syslog/my_hook_syslog.asl 
  • For each syslog message you want to discard, set DISCARD = "TRUE" in the my_hook_syslog.asl file. You can discard syslog messages based on EVENTTEXT, APPLICATION_NAME, HOST, EVENTNAME and other attributes, depending on your requirements. See the following "Example" section for more details.
  • Restart the syslog adapter to apply the change.

 

Example my_hook_syslog.asl file to discard messages containing "Non Network" and "Cisco" in EVENTTEXT:

The following my_hook_syslog.asl example contains two "if" statements that discard messages whose EVENTTEXT contains the string "Non Network" or "Cisco". You can add as many if statements as you require, one for each unwanted syslog message/event.

Note: Do not modify the DISCARD value at the beginning of the my_hook_syslog.asl file. This DISCARD value must remain FALSE, as shown in the following example, or no syslog events will be received at all.

 

MODIFY_ATTRIBUTES {
} do {
    // Default for every message: keep it. Do not change this value.
    DISCARD = "FALSE";
    CLEAR_SYSLOG = "FALSE";
    BATCH_NOTIFY_INTERVAL = 10;

    CLASSNAME = "Syslog" ? LOG;
    INSTANCENAME = HOST."_".APPLICATION_NAME."_".PROCESS_ID ? LOG;
    EVENTNAME = slice ? LOG;
    SEVERITY = "2" ? LOG;
    EVENTTEXT = MESSAGE ? LOG;
    CATEGORY = "" ? LOG;
    EXPIRATION = "7200" ? LOG;
    STATE = "NOTIFY" ? LOG;
    INMAINTENANCE = "FALSE" ? LOG;
    CLEARONACKNOWLEDGE = "TRUE" ? LOG;
    EVENTTYPE = "DURABLE" ? LOG;
    USERDEFINED1 = "" ? LOG;
    USERDEFINED2 = "" ? LOG;
    USERDEFINED3 = "" ? LOG;
    USERDEFINED4 = "" ? LOG;
    USERDEFINED5 = "" ? LOG;
    USERDEFINED6 = "" ? LOG;
    USERDEFINED7 = "" ? LOG;
    USERDEFINED8 = "" ? LOG;
    USERDEFINED9 = "" ? LOG;
    USERDEFINED10 = "" ? LOG;

    ELEMENTCLASSNAME = "Host";
    ELEMENTNAME = HOST;
    SYSNAMEORADDR = HOST;
    UNKNOWNAGENT = "IGNORE";
    LOGFILE = "NONE";

    // Discard rules: one if statement per unwanted message pattern.
    if ( glob("*Non Network*", EVENTTEXT) ) {
        DISCARD = "TRUE";
    }

    if ( glob("*Cisco*", EVENTTEXT) ) {
        DISCARD = "TRUE";
    }
}
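
The following Python script is an added example, not part of the original article or of Smarts. It dry-runs the article's glob-based discard rules against sample messages so you can see what a rule would drop before restarting the syslog adapter. The function names, the hook excerpt and the events are constructed, and Python's fnmatchcase stands in for ASL's glob on the assumption that patterns use only * and ? and match case-sensitively.

```python
import re
from fnmatch import fnmatchcase

# Rules in the shape this article uses:
#   if ( glob("*Cisco*", EVENTTEXT) ) { DISCARD = "TRUE"; }
RULE_RE = re.compile(
    r'if\s*\(\s*glob\(\s*"([^"]*)"\s*,\s*(\w+)\s*\)\s*\)\s*'
    r'\{\s*DISCARD\s*=\s*"TRUE"\s*;\s*\}')

def load_discard_rules(asl_text):
    """Return [(pattern, attribute), ...] for each glob-based discard rule."""
    return RULE_RE.findall(asl_text)

def preview(rules, events):
    """Split events into kept and discarded; each discarded entry names its rule."""
    kept, discarded = [], []
    for ev in events:
        # Assumption: only '*' and '?' are used, matched case-sensitively.
        hit = next((r for r in rules if fnmatchcase(ev.get(r[1], ""), r[0])), None)
        if hit:
            discarded.append((ev, hit))
        else:
            kept.append(ev)
    return kept, discarded

# Constructed hook excerpt and constructed events (not real log data).
SAMPLE_ASL = '''
    if ( glob("*Non Network*", EVENTTEXT) ) {
        DISCARD = "TRUE";
    }
    if ( glob("*Cisco*", EVENTTEXT) ) {
        DISCARD = "TRUE";
    }
'''
SAMPLE_EVENTS = [
    {"HOST": "host-a", "EVENTTEXT": "Non Network device heartbeat"},
    {"HOST": "host-b", "EVENTTEXT": "Cisco banner refreshed"},
    {"HOST": "host-c", "EVENTTEXT": "Login failed for admin on Cisco router"},
    {"HOST": "host-d", "EVENTTEXT": "Interface Gi0/1 changed state to down"},
    {"HOST": "host-e", "EVENTTEXT": "cisco config saved"},
]

if __name__ == "__main__":
    kept, discarded = preview(load_discard_rules(SAMPLE_ASL), SAMPLE_EVENTS)
    for ev, (pattern, attr) in discarded:
        print(f"DISCARD {ev['HOST']}: {ev['EVENTTEXT']!r} matched {pattern!r} on {attr}")
    for ev in kept:
        print(f"KEEP    {ev['HOST']}: {ev['EVENTTEXT']!r}")
```

On the sample data the `*Cisco*` rule also drops the failed-login message from host-c, which shows how a broad EVENTTEXT pattern can remove events you still need.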