HPE Community
Switching and Routing
1833016 Members
2812 Online
110048 Solutions
New Discussion

syslog messages coming from HP switches cannot be filtered correctly in syslog-NG?

 
Baum48
Occasional Visitor

‎12-15-2020 01:18 AM - edited ‎03-03-2021 03:33 AM

‎12-15-2020 01:18 AM - edited ‎03-03-2021 03:33 AM

syslog messages coming from HP switches cannot be filtered correctly in syslog-NG?

i am having some trouble filtering messages coming from a few sources (HP Switches) and i would like to have some advices.

i have a huge syslog-NG configuration file, filtering messages coming from many different sources (Unix servers, NAS filers, appliances, etc.)

i generally filter messages using the host() function, or filter(), or even program().

however, i am having trouble filtering messages coming from some HP switches (network & san switches), while the message format seem to be correct.

example, i'm receiving messages such as :

Mar 14 10:40:48 switchname program: message contents here

and i created a filter like this (used in a log function later):

filter f_network {
    host("switch*");
};

but it does not work (while all others are working, for other kind of devices) i also tried to filter on the program name, same problem.

is there a way to investigate on this and understand why it is not working ? maybe the message is formatted differently and the host field is not this one (i tried all the other fields and didn't manage to make it work)

when sniffing the network interface using tcpdump, i can My Gift Card Site see a normal message (no special characters hidden or other, apparently, but maybe i'm not using the right flags)

any way of checking this ?

thanks regards

0 Kudos
1 REPLY 1
drk787
HPE Pro

‎01-13-2021 02:04 AM

‎01-13-2021 02:04 AM

Re: syslog messages coming from HP switches cannot be filtered correctly in syslog-NG?

@Baum48  Can you tell me the model of the HP switch which you are referring to.

Thank You!
I am an HPE Employee

Accept or Kudo

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.