Highlighted
Absent Member.
Absent Member.
275 views

Cisco-Connector: Interface parsing


Hello all,

storing the interface of the cisco-syslog message is important to group
events, alerts based on this msg.

I used:

Code:
--------------------
Record.prototype.customParse = function(e) {

//interface nummer aus Syslog-msg herausfiltern: fa8/8 gi8, gi8.9, te8/8/8

var intport=this.msg.match(/(on interface|interface|port|putting|[^i^ ]on) (\D+ ?(\d+|\.|\/|\d.*?))(:|,| )/i);
if(intport != null) {
var intface=intport[2];
var prt1=intport[3];
e.TargetServiceName=intface;
e.dxport=prt1;
}
e.ReporterHostID = this.severity;
e.CustomerVar34= this.severity;

return true;
}
--------------------


1. [0-9] `Interface`
2. [10-31] `GigabitEthernet1/0/32`
3. [25-31] `1/0/32`
4. [31-32] `,`


this will parse:
"Interface GigabitEthernet1/0/32, changed state to up" etc
"BFD session to neighbor 10.x.x.x.x on interface Eth10/1 has been
created"
"Line protocol on Interface GigabitEthernet1/0/32, changed state to up"
etc.

Would be fine to have this coded in the next Connectors by NetIQ.

Torsten


--
tfechner
------------------------------------------------------------------------
tfechner's Profile: https://forums.netiq.com/member.php?userid=8929
View this thread: https://forums.netiq.com/showthread.php?t=55458

0 Likes
2 Replies
Highlighted
Absent Member.
Absent Member.

Re: Cisco-Connector: Interface parsing


tfechner;265669 Wrote:
> Hello all,
>
> storing the interface of the cisco-syslog message is important to group
> events, alerts based on this msg.
>
> I used:
> >

Code:
--------------------
> > Record.prototype.customParse = function(e) {

>
> //interface nummer aus Syslog-msg herausfiltern: fa8/8 gi8, gi8.9, te8/8/8
>
> var intport=this.msg.match(/(on interface|interface|port|putting|[^i^ ]on) (\D+ ?(\d+|\.|\/|\d.*?))(:|,| )/i);
> if(intport != null) {
> var intface=intport[2];
> var prt1=intport[3];
> e.TargetServiceName=intface;
> e.dxport=prt1;
> }
> e.ReporterHostID = this.severity;
> e.CustomerVar34= this.severity;
>
> return true;
> }

--------------------
> >

>
> 1. [0-9] `Interface`
> 2. [10-31] `GigabitEthernet1/0/32`
> 3. [25-31] `1/0/32`
> 4. [31-32] `,`
>
>
> this will parse:
> "Interface GigabitEthernet1/0/32, changed state to up" etc
> "BFD session to neighbor 10.x.x.x.x on interface Eth10/1 has been
> created"
> "Line protocol on Interface GigabitEthernet1/0/32, changed state to
> up"
> etc.
>
> Would be fine to have this coded in the next Connectors by NetIQ.
>
> Torsten


Just go ahead and open an SR or something like this. If you want to
make it super easy to do quickly, give us samples of the messages that
are important to you, otherwise if we don't have that message handy
already we have to take the extra time to generate it.

THanks,
Brandon


--
brandon.langley
------------------------------------------------------------------------
brandon.langley's Profile: https://forums.netiq.com/member.php?userid=350
View this thread: https://forums.netiq.com/showthread.php?t=55458

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: Cisco-Connector: Interface parsing


SR# 10995270771 - Cisco-Connector parsing


--
tfechner
------------------------------------------------------------------------
tfechner's Profile: https://forums.netiq.com/member.php?userid=8929
View this thread: https://forums.netiq.com/showthread.php?t=55458

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.