Parse syslogs and insert additional information into messages

Syslog Watcher 4.8 supports the only feature which allowing to insert an extra piece of information into collected syslogs: resolved hostnames of IP addresses. The VendorPack addon can provide additional information based on the message content, but in only shown to users, not stored into the storage.

User's request: I would like to use Syslog Watcher to be log host to monitor link up/down status of some H3C S5500-EI switches. The interface name GigabithEthernet1/0/x was shown on the message when a the link was down but not the interface description. I don't think there is configuration on the H3C switch to include the interface description in syslog message so I would like to know if there is any work-around for Syslog Watcher to parse the description before showing the message on the grid. Thanks.

Possible solution: Add syslog message processors for the data collected, which would parse a message and make changes to it. The changes are based on data tables (such as in the case above - a table of interface names) or on simple algorithms.


Can you show some examples how it was done? Add syslog message processors means?

Hi Peter,

It was not done yet. It's a feature request for next version of Syslog Watcher.



