Syslog Watcher 4.8 supports the only feature which allowing to insert an extra piece of information into collected syslogs: resolved hostnames of IP addresses. The VendorPack addon can provide additional information based on the message content, but in only shown to users, not stored into the storage.
User's request: I would like to use Syslog Watcher to be log host to monitor link up/down status of some H3C S5500-EI switches. The interface name GigabithEthernet1/0/x was shown on the message when a the link was down but not the interface description. I don't think there is configuration on the H3C switch to include the interface description in syslog message so I would like to know if there is any work-around for Syslog Watcher to parse the description before showing the message on the grid. Thanks.
Possible solution: Add syslog message processors for the data collected, which would parse a message and make changes to it. The changes are based on data tables (such as in the case above - a table of interface names) or on simple algorithms.
It was not done yet. It's a feature request for next version of Syslog Watcher.
Can you show some examples how it was done? Add syslog message processors means?