syslog messages are always forwarded as Local7.Debug

ulliGT · March 3, 2010, 5:32pm

Hi again!

For we’re running a central syslog server to collect all information centrally I created a notification in the dude that forwards events to that syslog server. so far that’s working quite fine. the only issue is that ALL forwarded messages from the dude have the priority “Local7.Debug” and I cannot find a way to change that. Does anybody know how I can alter the priority so the forwarded dude message do not pop up on the syslog screen as harmless debug messages?!

thank you very much!
ulli.

gsandul · March 5, 2010, 7:55am

You can do it.
To specify different priority you must send it at the begining of the syslog message.
Acording to syslog message format priority is a number in <> at the begining of message.
For example if you need to set priority as local0.warning you must create notification as follows

<?xml version="1.0" ?> 24 3823949 Syslog_Local0.warning_1 2 **<132>**Service [Probe.Name] on [Device.Name] is now [Service.Status] ([Service.ProblemDescription]) 192.168.0.60

<132> is <132>
132dec = 10000100 bin
first 5 digits - 10000 syslog_facilities eg 16
last 3 digits - 100 syslog_priorities eg 4

%syslog_facilities=(
kern => 0,
user => 1,
mail => 2,
daemon => 3,
auth => 4,
syslog => 5,
lpr => 6,
news => 7,
uucp => 8,
cron => 9,
authpriv=> 10,
ftp => 11,
local0 => 16,
local1 => 17,
local2 => 18,
local3 => 19,
local4 => 20,
local5 => 21,
local6 => 22,
);

%syslog_priorities=(
emerg => 0,
alert => 1,
crit => 2,
err => 3,
warning => 4,
notice => 5,
info => 6,
debug => 7
);

hope it helps.

ulliGT · March 10, 2010, 9:43am

Hi Gsandul!

Thank you for your detailed reply! I do understand what you mean but I must confess that I so not know where I can change these settings. I have already looked in every corner of the notifications menu but cannot find a way to enter a custom header… can you help me with another hint?

thank you very much!
ulli()

gsandul · March 11, 2010, 7:17am

You can create custom notifications. For example

and this notification you can map to a service.
When the service will change the state syslog message will be generated and you will receive message on syslog server with Local0.warning, if you need to receive for example Local0.err for some services state change, you can create and map it to another service

when you configure notification for a service you can choose the notification type to send when the service state is changed

Is it clear?

ulliGT · March 11, 2010, 1:55pm

works perfectly! thank you very much!

ulliGT · April 26, 2010, 3:29pm

Hello

After tweaking of the facility and severity worked out so well, I am now looking for a way to send the syslog message not with the source address of the dude server, but with the one of the client that needs a notification to be sent.

I found out that putting “Original Address=[Device.FirstAddress]” at the start of the syslog message should do the trick. My (kiwi) syslog server well does filter out this text fragment an doesn’t display it as part of the message but it unfortunately does not use that address as source address.

does anybody know a way of how to achieve this?

thank you very much!
ulli()

ulliGT · April 26, 2010, 3:37pm

I found my mistake! The above discribed way works if you leave a blank after the “]”. The message has to look something like this:

<133>Original Address=[Device.FirstAddress] The Temperature at [Device.Name] is [Service.ProblemDescription]