Network Management

Hello,

I have some problems finding out how i can enlarge the amount of syslog events in the imc syslog database.

I already made some changes in imc (data export, no time en 2 million events), but whatever i do i only see events for 1 hour. Sometimes there are 5.000 another time there are 12.000 syslog events.

I also read somewhere that you can enlarge the syslog database when you disable data export, but how do i do that.

 

Thanks in advance,

 

Marcel

 

 

#syslog

Hello,

 

Try looking in IMC under System > System Configuration > Data Export.

 

There should be a tab for Syslog where you can modify the Export Triggers associated with the Syslog data.

 

Hope it helps!

The 2 million syslog events are reached very quickly in our network.

How can i disable this data export.

The By Time i can remove, but the by quantity is greyed out.

 

I have attached an printscreen about this.

Thanks in advance

 

Marcel

If you're quickly receiving 2 million syslog events, then you probably need to reconsider your overall approach to syslog collection.

I would use a combination of filtering (stop syslogs being generated in the first place, change the level you collect logs at - e.g. disable debug, etc.). If you need to store/parse very large volumes of syslogs, it's probably better to use a dedicated system, such as Graylog2, or Splunk if you can afford it.

I have got a different Syslog Event problem. I have to create a Syslog to Alarm event. 

I have created the Syslog Template first then a Syslog to Alarm rule. 

Test showing when the event occur, the related Syslog generated in the Syslog List, and I have also got an Alarm created based on the Syslog message. It seems the system and the settings works well.  

BUT,unfortunately works only ones. Not a single alarm generated after the first. 

I can only make it work if I restart the  IMCFAULTDM.EXE on IMC Server. And again system sends one single alarm.

I have also changed the following settings:

Set Syslog to Alarm - repeat interval second from 300 to 1

Repeat times from 5 to 1

 

I have also tried to resolve the generated alarm, then tested for a new alarm, but nothing come through.

 

I have also experienced if the same event occur on a different switch, an alarm generated. But again only ones. 

 

What am I doing wrong? Or could be a bug?

 

Thanks much

 

#alarm
#Rules
#syslog
#Templates

Hello Lajos:
 Do you have solved the issue? I have the same issue, exactly the same.

I thing that is a configuration problem, not a bug.

Thanks in advance.

Hugo

#Templates
#Rules
#alarm
#syslog

Hi, 

I'm coming across the exact same problem, where to syslog-to-alarm only works first time. Any subsequent similar syslog messages that match the template are not forwarded to alarm

Did you figure out what was causing the issue ?

 

I followed the condfig guide similar to how you did

thanks

Ger

Hi,

 

i found how do you can see more log than from the last hour. It very easy  
Alarm -> Syslog Management -> Browse Syslog -> At the top right there is the field IP Address and a down arrow It call "Advanced" Click on that and you can choose between Last hour and Last 7 Days. 

crazy ))