HPE Community
IMC
1752794 Members
6552 Online
108789 Solutions
New Discussion

Re: imc syslog events

 
SOLVED
Go to solution
marcelsun
Occasional Visitor

‎05-21-2014 11:50 PM

‎05-21-2014 11:50 PM

imc syslog events

Hello,

I have some problems finding out how i can enlarge the amount of syslog events in the imc syslog database.

I already made some changes in imc (data export, no time en 2 million events), but whatever i do i only see events for 1 hour. Sometimes there are 5.000 another time there are 12.000 syslog events.

I also read somewhere that you can enlarge the syslog database when you disable data export, but how do i do that.

 

Thanks in advance,

 

Marcel

 

 

0 Kudos
7 REPLIES 7
Jarret Workman
HPE Pro

‎06-17-2014 01:34 PM

‎06-17-2014 01:34 PM

Re: imc syslog events

Hello,

 

Try looking in IMC under System > System Configuration > Data Export.

 

There should be a tab for Syslog where you can modify the Export Triggers associated with the Syslog data.

 

Hope it helps!

Accept or Kudo

0 Kudos
marcelsun
Occasional Visitor

‎06-18-2014 01:46 AM

‎06-18-2014 01:46 AM

Re: imc syslog events

The 2 million syslog events are reached very quickly in our network.

How can i disable this data export.

The By Time i can remove, but the by quantity is greyed out.

 

I have attached an printscreen about this.

Thanks in advance

 

Marcel

0 Kudos
LindsayHill
Honored Contributor

‎06-18-2014 04:52 PM

‎06-18-2014 04:52 PM

Solution

Re: imc syslog events

If you're quickly receiving 2 million syslog events, then you probably need to reconsider your overall approach to syslog collection.

I would use a combination of filtering (stop syslogs being generated in the first place, change the level you collect logs at - e.g. disable debug, etc.). If you need to store/parse very large volumes of syslogs, it's probably better to use a dedicated system, such as Graylog2, or Splunk if you can afford it.
__
@northlandboy
LajosVarga
Occasional Visitor

‎09-07-2015 02:39 PM

‎09-07-2015 02:39 PM

Re: imc syslog events

I have got a different Syslog Event problem. I have to create a Syslog to Alarm event. 

I have created the Syslog Template first then a Syslog to Alarm rule. 

Test showing when the event occur, the related Syslog generated in the Syslog List, and I have also got an Alarm created based on the Syslog message. It seems the system and the settings works well.  

BUT,unfortunately works only ones. Not a single alarm generated after the first. 

I can only make it work if I restart the  IMCFAULTDM.EXE on IMC Server. And again system sends one single alarm.


I have also changed the following settings:

Set Syslog to Alarm - repeat interval second from 300 to 1

Repeat times from 5 to 1

 

I have also tried to resolve the generated alarm, then tested for a new alarm, but nothing come through.

 

I have also experienced if the same event occur on a different switch, an alarm generated. But again only ones. 

 

What am I doing wrong? Or could be a bug?

 

Thanks much



 

GiroSinTornillo
Occasional Advisor

‎07-28-2016 05:19 AM

‎07-28-2016 05:19 AM

Re: imc syslog events

Hello Lajos:
 Do you have solved the issue? I have the same issue, exactly the same.

I thing that is a configuration problem, not a bug.

Thanks in advance.


Hugo

0 Kudos
HP-Network-Eng
Occasional Visitor

‎02-03-2019 11:45 AM

‎02-03-2019 11:45 AM

Re: imc syslog events

Hi, 

I'm coming across the exact same problem, where to syslog-to-alarm only works first time. Any subsequent similar syslog messages that match the template are not forwarded to alarm

Did you figure out what was causing the issue ?

 

I followed the condfig guide similar to how you did

thanks

Ger

0 Kudos
Alek_V
New Member

‎06-03-2020 06:16 AM

‎06-03-2020 06:16 AM

Re: imc syslog events

Hi,

 

i found how do you can see more log than from the last hour. It very easy  
Alarm -> Syslog Management -> Browse Syslog -> At the top right there is the field IP Address and a down arrow It call "Advanced" Click on that and you can choose between Last hour and Last 7 Days. 

crazy )) 

 
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.