From: Madden, J. <Joe...@mo...> - 2017-07-23 09:31:18
|
Hi All, I am still trying to get to the bottom of this if anyone has any ideas. Cheers Joe. From: Madden, Joe [mailto:Joe...@mo...] Sent: 18 July 2017 16:11 To: General OpenNMS Discussion <ope...@li...> Subject: [opennms-discuss] Syslog no longer matching post upgrade from 19.0.x to 20.0.1 Hi All, We use a lot of syslog messages which we matching on process match, and Severity. These configurations worked on v19 but not v20. We did update to 20.0.1 to fix the syslogd-configuration.xml re-ordering but the matches which worked before, no longer work. Please see an example syslog message (Below and attached as image): <14>Jul 18 14:31:51 HAL HAL_ASE[-]: Logstash is running ok 18/07/2017 14:31:51.25 Our syslog configuration is like so: <?xml version="1.0"?> <syslogd-configuration> <configuration syslog-port="10514" new-suspect-on-message="false" parser="org.opennms.netmgt.syslogd.CustomSyslogParser" forwarding-regexp="^.*\s(19|20)\d\d([-/.])(0[1-9]|1[012])\2(0[1-9]|[12][0-9]|3[01])(\s+)(\S+)(\s)(\S.+)" matching-group-host="6" matching-group-message="8" discard-uei="DISCARD-MATCHING-MESSAGES" /> <import-file>syslog/Custom.syslog.xml</import-file> <import-file>syslog/ApacheHTTPD.syslog.xml</import-file> <import-file>syslog/LinuxKernel.syslog.xml</import-file> <import-file>syslog/NetgearProsafeSmartSwitch.syslog.xml</import-file> <import-file>syslog/OpenSSH.syslog.xml</import-file> <import-file>syslog/OpenWrt.syslog.xml</import-file> <import-file>syslog/Procmail.syslog.xml</import-file> <import-file>syslog/Postfix.syslog.xml</import-file> <import-file>syslog/Sudo.syslog.xml</import-file> </syslogd-configuration> File: syslog/Custom.syslog.xml <syslogd-configuration-group> <ueiList> <ueiMatch> <process-match expression="^HAL_ASE$" /> <match type="regex" expression="^((.+?) (.*))\r?\n?$"/> <uei>mottmac.com/syslog/Logstash/informational</uei> <severity>Info</severity> </ueiMatch> </ueiList> </syslogd-configuration-group> Any ideas why these would no longer match? Thanks Joe |