Smarts SAM: How to discard unwanted sysLog events



Article ID: 323807


Products

VMware

Issue/Introduction

Symptoms:
How to discard unwanted sysLog events
Do not want to receive certain syslog messages

Can I specify which sysLog messages I want to receive in Smarts SAM?


Receiving unwanted sysLog event messages

How do I disable syslog logging, or at least set a different facility / priority?

Environment

VMware Smart Assurance - SMARTS

Resolution

To prevent receiving unwanted sysLog event messages, do the following:
  1. Open the my_hook_syslog.asl file for editing using sm_edit as follows:

    <BASEDIR>/SAM/smarts/bin/sm_edit rules/icoi-syslog/my_hook_syslog.asl 
  2. For each sysLog message you want to discard, set DISCARD = "TRUE" in the my_hook_syslog.asl file. You can discard sysLog messages based on EVENTTEXT, APPLICATION_NAME, HOST, EVENTNAME and other attributes, depending on your requirements. See the "Example" section that follows.
  3. Restart the sysLog adapter to apply the change.

Example my_hook_syslog.asl file to discard messages containing "Non Network" and "Cisco" EVENTTEXT
The following my_hook_syslog.asl example contains two if statements that discard messages whose EVENTTEXT contains the string "Non Network" or "Cisco". You can add as many if statements as you require, one for each unwanted sysLog message/event.

Note: Do not modify the DISCARD value at the beginning of the my_hook_syslog.asl file. This DISCARD value must remain FALSE as shown in the following, or no sysLog events will be received at all:

MODIFY_ATTRIBUTES {
} do {
    DISCARD = "FALSE";
    CLEAR_SYSLOG = "FALSE";
    BATCH_NOTIFY_INTERVAL = 10;

    CLASSNAME = "Syslog" ? LOG;
    INSTANCENAME = HOST."_".APPLICATION_NAME."_".PROCESS_ID ? LOG;
    EVENTNAME = slice ? LOG;
    SEVERITY = "2" ? LOG;
    EVENTTEXT = MESSAGE ? LOG;
    CATEGORY = "" ? LOG;
    EXPIRATION = "7200" ? LOG;
    STATE = "NOTIFY" ? LOG;
    INMAINTENANCE = "FALSE" ? LOG;
    CLEARONACKNOWLEDGE = "TRUE" ? LOG;
    EVENTTYPE = "DURABLE" ? LOG;
    USERDEFINED1 = "" ? LOG;
    USERDEFINED2 = "" ? LOG;
    USERDEFINED3 = "" ? LOG;

    USERDEFINED4 = "" ? LOG;
    USERDEFINED5 = "" ? LOG;
    USERDEFINED6 = "" ? LOG;
    USERDEFINED7 = "" ? LOG;
    USERDEFINED8 = "" ? LOG;
    USERDEFINED9 = "" ? LOG;
    USERDEFINED10 = "" ? LOG;

    ELEMENTCLASSNAME = "Host";
    ELEMENTNAME = HOST;
    SYSNAMEORADDR = HOST;
    UNKNOWNAGENT = "IGNORE";
    LOGFILE = "NONE";

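    // Discard any message whose EVENTTEXT contains "Non Network".
    if ( glob("*Non Network*", EVENTTEXT) ) {
        DISCARD = "TRUE";
    }

    // Discard any message whose EVENTTEXT contains "Cisco".
    if ( glob("*Cisco*", EVENTTEXT) ) {
        DISCARD = "TRUE";
    }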
}
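
A broad pattern such as "*Cisco*" discards every message containing that string, including ones you may still want to see. The following Python dry run is an added example, not part of the original article or of Smarts itself: it applies the two patterns above to sample messages and flags discarded messages that contain terms you care about. It approximates ASL glob() with Python's fnmatchcase for the "*" and "?" wildcards only, and the sample events, watch terms and function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Discard rules mirroring the two if statements in the article:
# (attribute, glob pattern). Only the "*" and "?" wildcards are assumed here.
DISCARD_RULES = [
    ("EVENTTEXT", "*Non Network*"),
    ("EVENTTEXT", "*Cisco*"),
]

# Hypothetical terms an operations team may never want silently dropped.
WATCH_TERMS = ["Login failed", "Configured from"]

# Constructed sample events (not real device output).
SAMPLE_EVENTS = [
    {"HOST": "sw1", "APPLICATION_NAME": "test", "EVENTTEXT": "Non Network device heartbeat"},
    {"HOST": "rtr1", "APPLICATION_NAME": "sshd", "EVENTTEXT": "Login failed for user admin on Cisco router"},
    {"HOST": "rtr2", "APPLICATION_NAME": "ospf", "EVENTTEXT": "Neighbor 10.0.0.2 down"},
    {"HOST": "rtr3", "APPLICATION_NAME": "sys", "EVENTTEXT": "Cisco IOS fan tray OK"},
]


def matching_rule(event, rules=DISCARD_RULES):
    """Return the first (attribute, pattern) that would set DISCARD, else None."""
    for attribute, pattern in rules:
        if fnmatchcase(event.get(attribute, ""), pattern):
            return (attribute, pattern)
    return None


def dry_run(events, rules=DISCARD_RULES, watch_terms=WATCH_TERMS):
    """Split events into kept/discarded and flag discarded ones with watch terms."""
    kept, discarded, flagged = [], [], []
    for event in events:
        rule = matching_rule(event, rules)
        if rule is None:
            kept.append(event)
            continue
        discarded.append((event, rule))
        if any(term in event["EVENTTEXT"] for term in watch_terms):
            flagged.append((event, rule))
    return kept, discarded, flagged


if __name__ == "__main__":
    kept, discarded, flagged = dry_run(SAMPLE_EVENTS)
    print(f"kept={len(kept)} discarded={len(discarded)}")
    for event, (attr, pattern) in flagged:
        print(f"REVIEW: {pattern!r} on {attr} drops: {event['EVENTTEXT']}")
```

Any flagged message is a reason to narrow the pattern, or to combine it with another attribute such as HOST or APPLICATION_NAME, before restarting the sysLog adapter.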