Difference between revisions of "UM:Log Monitoring"

728 bytes added, 11:29, 24 April 2015
Added "Passing parameters to events" section
</parser>
</syntaxhighlight>
= Passing parameters to events =
The log parser can send parameters to events.<br>
Anything matched by a (.*) capture group will be sent to the event as a parameter.
Consider the following line, received via syslog or appended to a monitored file:
<pre>
24.04.2015 12:22:15 1 5 system,error,critical login failure for user testUser from 11.2.33.41 via ssh
</pre>
We can extract the username and the login method from the syslog message and pass them as parameters to an event with the following rule:
<pre>
<match>system,error,critical login failure for user (.*) from .* via (.*)</match>
<event params="2">10000</event>
</pre>
The username will be sent to the event as %1, the IP address (matched by the bare .*, which is not a capture group) will not be sent, and the login method will be sent as %2.
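As an added illustration, not the product's own code, the following Python model reads the rule above, applies the <match> regex to the sample line and builds the %1, %2 parameters. It assumes what the description implies: capture groups are numbered left to right, the params attribute is the number of groups forwarded, and %N refers to the Nth forwarded group.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the rule from this section wrapped in a root element so
# it parses as XML, plus the example syslog line from this section.
RULE_XML = """<rule>
<match>system,error,critical login failure for user (.*) from .* via (.*)</match>
<event params="2">10000</event>
</rule>"""

LOG_LINE = ("24.04.2015 12:22:15 1 5 system,error,critical "
            "login failure for user testUser from 11.2.33.41 via ssh")


def parse_rule(rule_xml):
    """Return (compiled regex, event id, number of parameters to forward)."""
    root = ET.fromstring(rule_xml)
    pattern = root.find("match").text
    event = root.find("event")
    return re.compile(pattern), int(event.text), int(event.get("params", "0"))


def apply_rule(rule_xml, line):
    """Apply one rule to one log line.

    Returns None when the line does not match; otherwise a dict with the event
    id and the positional parameters %1..%N.  Only capture groups become
    parameters (a bare .* is skipped), and at most `params` of them are
    forwarded.  This is an assumed model of the behaviour described above.
    """
    regex, event_id, n_params = parse_rule(rule_xml)
    m = regex.search(line)
    if m is None:
        return None
    forwarded = m.groups()[:n_params]
    params = {"%%%d" % (i + 1): value for i, value in enumerate(forwarded)}
    return {"event": event_id, "params": params}


def expand(template, params):
    """Substitute %1, %2, ... in an event message template; unknown %N stay."""
    return re.sub(r"%\d+", lambda mo: params.get(mo.group(0), mo.group(0)), template)


if __name__ == "__main__":
    result = apply_rule(RULE_XML, LOG_LINE)
    print(result)
    print(expand("User %1 failed to log in via %2", result["params"]))
```

Note that both groups use a greedy (.*); the rule still works on the sample line because the literal " from " and " via " anchors force the backtracking, but a username containing those words would shift the captured values.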