From: Cyrille B. <cyr...@gm...> - 2017-07-23 20:49:35
Hi Joe,

Usually, turning syslogd's log level to TRACE (in file log4j2.xml) shows enough information to debug such an issue.

Br,
Cyrille

2017-07-23 11:15 GMT+02:00 Madden, Joe <Joe...@mo...>:

> Hi All,
>
> I am still trying to get to the bottom of this if anyone has any ideas.
>
> Cheers
>
> Joe.
>
> *From:* Madden, Joe [mailto:Joe...@mo...]
> *Sent:* 18 July 2017 16:11
> *To:* General OpenNMS Discussion <ope...@li...>
> *Subject:* [opennms-discuss] Syslog no longer matching post upgrade from 19.0.x to 20.0.1
>
> Hi All,
>
> We use a lot of syslog messages which we match on process match, and Severity.
>
> These configurations worked on v19 but not v20. We did update to 20.0.1 to fix the syslogd-configuration.xml re-ordering but the matches which worked before, no longer work.
>
> Please see an example syslog message (Below and attached as image):
>
> <14>Jul 18 14:31:51 HAL HAL_ASE[-]: Logstash is running ok 18/07/2017 14:31:51.25
>
> Our syslog configuration is like so:
>
> <?xml version="1.0"?>
>
> <syslogd-configuration>
>   <configuration
>     syslog-port="10514"
>     new-suspect-on-message="false"
>     parser="org.opennms.netmgt.syslogd.CustomSyslogParser"
>     forwarding-regexp="^.*\s(19|20)\d\d([-/.])(0[1-9]|1[012])\2(0[1-9]|[12][0-9]|3[01])(\s+)(\S+)(\s)(\S.+)"
>     matching-group-host="6"
>     matching-group-message="8"
>     discard-uei="DISCARD-MATCHING-MESSAGES"
>   />
>
>   <import-file>syslog/Custom.syslog.xml</import-file>
>   <import-file>syslog/ApacheHTTPD.syslog.xml</import-file>
>   <import-file>syslog/LinuxKernel.syslog.xml</import-file>
>   <import-file>syslog/NetgearProsafeSmartSwitch.syslog.xml</import-file>
>   <import-file>syslog/OpenSSH.syslog.xml</import-file>
>   <import-file>syslog/OpenWrt.syslog.xml</import-file>
>   <import-file>syslog/Procmail.syslog.xml</import-file>
>   <import-file>syslog/Postfix.syslog.xml</import-file>
>   <import-file>syslog/Sudo.syslog.xml</import-file>
>
> </syslogd-configuration>
>
> File: syslog/Custom.syslog.xml
>
> <syslogd-configuration-group>
>   <ueiList>
>     <ueiMatch>
>       <process-match expression="^HAL_ASE$" />
>       <match type="regex" expression="^((.+?) (.*))\r?\n?$"/>
>       <uei>mottmac.com/syslog/Logstash/informational</uei>
>       <severity>Info</severity>
>     </ueiMatch>
>   </ueiList>
> </syslogd-configuration-group>
>
> Any ideas why these would no longer match?
>
> Thanks
>
> Joe
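An offline check of the expressions quoted in this thread against the quoted sample message, added here as an example; it is not part of either post and not OpenNMS code. It separates the question "do the regexes match?" from "what process name does the parser hand to `process-match`?", which is what the TRACE output should confirm. Assumptions: Python's `re` stands in for Java regex with find-style matching, and `HEADER`, `TAG_ANY`, `TAG_NUMERIC` and `check` are hypothetical names for a generic BSD-style header split and two constructed tag grammars, neither claimed to be what syslogd 19 or 20 does.

```python
import re

# Sample message and expressions copied verbatim from the post.
SAMPLE = ("<14>Jul 18 14:31:51 HAL HAL_ASE[-]: "
          "Logstash is running ok 18/07/2017 14:31:51.25")
FORWARDING = (r"^.*\s(19|20)\d\d([-/.])(0[1-9]|1[012])\2"
              r"(0[1-9]|[12][0-9]|3[01])(\s+)(\S+)(\s)(\S.+)")
PROCESS_MATCH = r"^HAL_ASE$"
MESSAGE_MATCH = r"^((.+?) (.*))\r?\n?$"

# Assumption: generic BSD-style header split, not the OpenNMS parser.
HEADER = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)
# Two hypothetical tag grammars: any text inside [..] versus a numeric PID only.
TAG_ANY = re.compile(r"^([^\s\[:]+)(?:\[([^\]]*)\])?: ?(.*)$", re.S)
TAG_NUMERIC = re.compile(r"^([^\s\[:]+)(?:\[(\d+)\])?: ?(.*)$", re.S)


def check(raw, tag_grammar):
    """Report which of the post's expressions match one raw syslog line."""
    report = {"forwarded": re.search(FORWARDING, raw) is not None}
    head = HEADER.match(raw)
    if head is None:
        report["parsed"] = False
        return report
    pri, _timestamp, host, rest = head.groups()
    tag = tag_grammar.match(rest)
    # If the tag cannot be split, no process name is available to match on.
    process, message = (tag.group(1), tag.group(3)) if tag else (None, rest)
    report.update(
        parsed=True,
        facility=int(pri) >> 3,   # PRI = facility * 8 + severity
        severity=int(pri) & 7,
        host=host,
        process=process,
        message=message,
        process_ok=process is not None
        and re.search(PROCESS_MATCH, process) is not None,
        message_ok=re.search(MESSAGE_MATCH, message) is not None,
    )
    return report


if __name__ == "__main__":
    for name, grammar in (("any", TAG_ANY), ("numeric", TAG_NUMERIC)):
        print(name, check(SAMPLE, grammar))
```

If both expressions match under one tag grammar but `process_ok` fails under the other, compare the process name shown in the TRACE log with the `process` value reported here before changing any regex.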