- Community Home
- >
- Networking
- >
- Legacy
- >
- PCM
- >
- Re: PCM+ syslog policy issue
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-02-2012 04:51 AM
02-02-2012 04:51 AM
PCM+ syslog policy issue
Hi,
I have a PCM+ that´s working properly but i have problems with policies:
- I receive logs from network switches on the PCM+ syslog correctly but when i configure a policy based on these logs it can´t be triggered. The policy is well configured because when i apply it based on traffic activity threshold it works.
Can you help me?
Thank you,
- Tags:
- syslog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-03-2012 11:28 AM
02-03-2012 11:28 AM
Re: PCM+ syslog policy issue
Hi,
Unfortunately PCM doesn't support policies based on data from syslog messages, only data from PCM events. PCM events are generated from the reception of SNMP traps from devices, so perhaps you can configure the switch(es) in question to send traps for whatever you're trying to capture out of the syslog ...?
The reason for this is that syslog formats vary wildly and parsing the various messages with any sort of accuracy for content that can then be plugged into a policy (e.g. IP addresses, port numbers, ifIndexes, etc.) is extremely error-prone. In contrast, SNMP traps can be parsed for their content by OID, meaning that PCM can always rely on finding the bits of data it needs without the guesswork and potential error involved in parsing a syslog string.
Regards,
SVB
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-06-2012 04:23 AM
02-06-2012 04:23 AM
Re: PCM+ syslog policy issue
Hi,
Thank you very much for your as¡nswer but, if i understand, you mean that if i have a switch that send logs to the PCM+ own integrated syslog I can´t configure a policy based on these log messages?
So, how can i do to configure a policy that notify me if a port or link goes down?
Thank you,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-07-2012 09:38 AM
02-07-2012 09:38 AM
Re: PCM+ syslog policy issue
Ibon,
PCM collects syslog information so that it's centrally available, but because of the variability in syslog record content and format PCM does not process syslog messages as policy triggers.
If you want to trigger a policy to notify you of a particular event, such as a port changing state, you have to do so based on SNMP events. If the device can generate an SNMP trap for the event you're interested in - and I believe that the HP switches are capable of generating a trap for port up/down - then you can create a policy in PCM that will notify you via email or dialog box on the PCM console.
Regards,
SVB