IMC
cancel
Showing results for 
Search instead for 
Did you mean: 

imc syslog events

SOLVED
Go to solution
marcelsun
Occasional Visitor

imc syslog events

Hello,

I have some problems finding out how i can enlarge the amount of syslog events in the imc syslog database.

I already made some changes in imc (data export, no time en 2 million events), but whatever i do i only see events for 1 hour. Sometimes there are 5.000 another time there are 12.000 syslog events.

I also read somewhere that you can enlarge the syslog database when you disable data export, but how do i do that.

 

Thanks in advance,

 

Marcel

 

 

5 REPLIES

Re: imc syslog events

Hello,

 

Try looking in IMC under System > System Configuration > Data Export.

 

There should be a tab for Syslog where you can modify the Export Triggers associated with the Syslog data.

 

Hope it helps!

marcelsun
Occasional Visitor

Re: imc syslog events

The 2 million syslog events are reached very quickly in our network.

How can i disable this data export.

The By Time i can remove, but the by quantity is greyed out.

 

I have attached an printscreen about this.

Thanks in advance

 

Marcel

LindsayHill
Honored Contributor
Solution

Re: imc syslog events

If you're quickly receiving 2 million syslog events, then you probably need to reconsider your overall approach to syslog collection.

I would use a combination of filtering (stop syslogs being generated in the first place, change the level you collect logs at - e.g. disable debug, etc.). If you need to store/parse very large volumes of syslogs, it's probably better to use a dedicated system, such as Graylog2, or Splunk if you can afford it.
LajosVarga
Occasional Visitor

Re: imc syslog events

I have got a different Syslog Event problem. I have to create a Syslog to Alarm event. 

I have created the Syslog Template first then a Syslog to Alarm rule. 

Test showing when the event occur, the related Syslog generated in the Syslog List, and I have also got an Alarm created based on the Syslog message. It seems the system and the settings works well.  

BUT,unfortunately works only ones. Not a single alarm generated after the first. 

I can only make it work if I restart the  IMCFAULTDM.EXE on IMC Server. And again system sends one single alarm.


I have also changed the following settings:

Set Syslog to Alarm - repeat interval second from 300 to 1

Repeat times from 5 to 1

 

I have also tried to resolve the generated alarm, then tested for a new alarm, but nothing come through.

 

I have also experienced if the same event occur on a different switch, an alarm generated. But again only ones. 

 

What am I doing wrong? Or could be a bug?

 

Thanks much



 

GiroSinTornillo
Occasional Advisor

Re: imc syslog events

Hello Lajos:
 Do you have solved the issue? I have the same issue, exactly the same.

I thing that is a configuration problem, not a bug.

Thanks in advance.


Hugo