DX NetOps

Anyone have any examples on how to take a " major syslog trap" and parse that out to a custom alert? Right now when I get a major or critical, the generic alert which i cant really do much with. 

i get the device name and such but it just falls in a generic bucket.

example:

A MAJOR SYSLOG EVENT HAS OCCURRED

Mar 9, 2018 11:19:02 AM CST

%ENVMON-3-FAN_FAILED: Fan 1 not rotating

alarm title  and alarm type both have this: a major syslog event has occurred

alarm details: An unknown syslog message with a severity of 2 or 3 has been received

what i would like to do is to get the syslog and have the title of this one say:  < devicex> < ip x.x.xx.> %ENVMON-3-FAN_FAILED: Fan 1 not rotating

Hi Dick,

There is detailed explanation in our docs:

https://docops.ca.com/ca-spectrum/10-2-3/en/managing-network/cisco-device-management/cisco-technology-support/syslog-trap-support

You need to create events and modify these files to add entries:

Cisco Router

<$SPECROOT>/SS/CsVendor/Cisco_Router/Rtr.txt

Catalyst Switch

<$SPECROOT>/SS/CsVendor/Ctron_CAT/Switch.txt

Cisco PIX

<$SPECROOT>/SS/CsVendor/CiscoPIX/Pix.txt

Be sure to press the Update Event Configuration button on the VNM each time you make a change to the files.  I would suggest making the addition to all 3 as well... (for consistency sake).

Cheers

Jay

PS.  You could also use event rules to parse that out if you don’t want to edit the files and have the rule generate a new event/alarm…

moved this thread to the CA Spectrum community