- Community Home
- >
- Networking
- >
- IMC
- >
- Re: iMC Syslog Email Alerts
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-31-2014 05:02 PM
03-31-2014 05:02 PM
iMC Syslog Email Alerts
I am trying to move from PCM 4 to iCM 7 and I'm starting with the very useful alerts that I used to have in PCM. Most of my PCM alerts were simply syslog partial matches of an event description (e.g. "Over Current", "Bpdu recieved", etc.). I see that this functionality is supposed to exist in iCM under the Syslog to Alarm function but I cannot get this to work. I setup a Syslog template with a wildcard match and then created a Syslog to Alarm entry for this template. When I browse the syslog I see events populating that should match the wildcard entry but nothing shows in "All Alarms" (I've even tried very general wildcards like *received* or *on*) which indicates to me that the alarms is not getting generated. But what is even more troubling is that I do not think that I would be able to receive an email for the alarm even it was being generated This is because when I look at Alarm Notification and look at what Alarms can be selected it only lists the snmp traps not the Alarms that are defined in iCM. I prefer syslog based alarms because in my experience they tend to be more reliable than trapping. So does anyone have this working in iMC version 7, i.e. syslog to alarm wildcarded matches with email notifications? Thank you.
- Tags:
- syslog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-31-2014 06:27 PM
03-31-2014 06:27 PM
Re: iMC Syslog Email Alerts
When configuring your alarm to Email rule, look for the "imc Syslog" group - this contains traps you can use for syslogs escalated to alarms.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-01-2014 07:56 AM
04-01-2014 07:56 AM
Re: iMC Syslog Email Alerts
Do you mean iMC -> Syslog -> "Trap upgraded from syslog"? Also my other issue is that I do not see my Syslog to Alarm entries in All Alarms. So I suspect they are not functioning properly. My setup is:
Syslog Type Any Syslog Level Emergency Alert Critical Error Warning Notification Informational Debugging Repeat Interval (second) 300 Repeat Times (Times) 50 Alarm Level Major Alarm Description %Syslog% Forward to SCC No Syslog Template
*disabled*
I've followed the Admin Guide as well as the short write-up in this article but I still do not see the Syslog to Alarms showing up.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-20-2014 02:24 AM
05-20-2014 02:24 AM
Re: iMC Syslog Email Alerts
hey
there is a filter rule in Trap Management.
go to Trap Management -> Filter Trap -> Duplicate Trap Filter -> Unfiltered Duplicate Traps and add "Trap upgraded from syslog".
best regards,
luki
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-20-2014 02:27 AM
05-20-2014 02:27 AM
Re: iMC Syslog Email Alerts
ah and set the Repeat Interval and Repeat Times to 1!
with your setup you need 50 syslog matches in 300 seconds to trigger the alarm.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-21-2014 08:12 AM
05-21-2014 08:12 AM
Re: iMC Syslog Email Alerts
I am trying to do a very similar thing. I have my windows servers forwarding their warning and above events to the IMC (version 7). I want to be able to get this events turned into alarms with the end-goal of these events being emailed to me. I'm guessing that I have to create an Syslog template? Also need to Syslog to Alarm? From there it needs to somehow be escalated to an IMC reportable alarm? Trouble is, I can't get past first base so far--template. I want the following server events to report to me: Application, Hardware, and System. I have not been able to create the variables (parameters) to make any of this happen. Has anyone had any success in getting from point A to Z as I'm trying to do?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-21-2014 09:14 PM
05-21-2014 09:14 PM
Re: iMC Syslog Email Alerts
How are you forwarding the Windows Events to the IMC server?
Assuming you're using a 3rd-party tool to send them as syslogs, then we should be able to work through the rest.
First part though - get the logs showing up on IMC under Alarm -> Syslog Management -> Browse Syslog.
Do your events show up there?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2014 05:21 AM
05-22-2014 05:21 AM
Re: iMC Syslog Email Alerts
Right now, I'm using Solarwinds windows log forwarder to send the logs. I'm only using a couple of servers at the moment and when I generate test events, they do show up in the syslog browser. thanks for responding.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-22-2014 05:05 PM
05-22-2014 05:05 PM
Re: iMC Syslog Email Alerts
OK, that's a good start. What format are the logs showing up as? Can you give us a screenshot of a couple of the log entries?
I'm doing something similar with nxlog in my lab, but it will be formatting the syslog messages slightly differently to what you're using.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-23-2014 04:18 AM
05-23-2014 04:18 AM
Re: iMC Syslog Email Alerts
I'll be very happy to provide screenshots. I am out of town until next Thursday. I will post the information then. Have a great Memorial Weekend!