Unable to send only admin-activity logs to syslog server, however VNM model all events shown including admin-activity
search cancel

Unable to send only admin-activity logs to syslog server, however VNM model all events shown including admin-activity

book

Article ID: 420988

calendar_today

Updated On:

Products

Spectrum Network Observability

Issue/Introduction

Syslog server in One Click has been configured to send all the user logs to Syslog server. However we are only seeing "User activity" and "User security" logs, but not "Admin logs". The VNM model shows all events including admin-activity.

Configuration followed the steps as per:

TechDocs : DX NetOps Spectrum 24.3 : Sending OneClick Events as Syslog Messages

User activity" and "User security" logs seen at Syslog server but "not admin-activity logs". 

The following events should also be forwarded to Syslog server from OneClick:


However, after checking the filters in rsyslog-event-processing-filter.xml are set correctly under:

$SPECROOT/tomcat/webapps/spectrum/WEB-INF/repmgr/config

The admin-user activity messages are not sent to Syslog.

Environment

DX NetOps Spectrum all currently supported releases

Cause

The user admin activity events are getting logged in tomcat as follows but are not being forwarded on:

2025-11-06 15:29:16,360 [SRM/LandscapeManager/LandscapeThread_0] INFO  com.aprisma.util.syslog.UserActivity - CEF:0| Broadcom | DX NetOps Spectrum |24.3.12.0.14|509|USER SPECIFIC ACTIVITY|1|cat= user-activity  duser=spectrum@SpectroSERVER. msg= Event time: 11/06/2025 15:28:57 A model has been created.  The model is SimXXXXX:System of type Rtr_Cisco created by spectrum@SpectroSERVER.
 

Resolution

After restarting the Spectrum tomcat and WebTomcat services, the admin activity events are showing in logs and being sent Syslog server.

Powered by Wolken Software