ADSM-L

Re: [ADSM-L] syslog

2017-08-24 11:37:51
From: Shawn Drew <shawndo AT GMAIL DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 24 Aug 2017 11:35:32 -0400
Right, when trying to figure this out I tried all the local facilities but 
couldn't find the TSM messages. I gave up on the facilities when I found the 
rsync syntax.

On Aug 24, 2017, 3:48 AM -0400, Remco Post <r.post AT plcs DOT nl>, wrote:
> Hi Shawn,
>
> great! thanks! This is really useful. I guess only IBM knows what syslog 
> facility is being used…
>
>
> > On 24 Aug 2017, at 02:29, Shawn Drew <shawndo AT GMAIL DOT COM> wrote:
> >
> > I think this syntax is specific to rsyslog (which you probably have).
> > When you put it in the conf, make sure it is above the line for the
> > messages file.
> >
> > if $programname == 'dsmserv' and not ($msg contains 'REPORTING_ADMIN')
> > and not ($msg contains 'ANR8592I') then /var/log/dsmserv.log
> > & @splunkserver.intranet
> > & ~
> >
> > That is 3 lines, in case it wraps.
> > Line 1) I am filtering out messages that are created by a specific
> > data-collector service account (connects every 5 minutes) and a specific
> > informational message. Make sure to set up log rotation for this log.
> > Line 2) Duplicate the log msg previously described and also send it to
> > "splunkserver.intranet"
> > Line 3) Any log already filtered, do not include in any further logging.
> > This prevents TSM logs from also showing up in the messages file but
> > needs to be before the messages line in the conf for this to work.
> >
> >
> > This sends the message using the standard syslog protocol to
> > "splunkserver.intranet". That server receives the message using its
> > own standard rsyslog installation (needs to be configured to receive
> > syslog). Then Splunk will monitor the messages file and load it into the
> > index. You can then use Splunk filters if you want to move it to a
> > separate index or whatever. I have all the TSM/DataDomain stuff going
> > into an isolated index. I think Splunk can be configured to receive
> > syslog messages directly but we don't do it that way (I don't run the
> > Splunk server).
> >
> >
> >
> > On 8/23/2017 3:56 PM, Remco Post wrote:
> > > Tell me more, please. I'm quite sure that there is Splunk in my future as 
> > > well, can you share your syslog config?
> > >
>
> --
>
> Met vriendelijke groeten/Kind Regards,
>
> Remco Post
> r.post AT plcs DOT nl
> +31 6 248 21 622
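
The forwarding rule quoted in this thread, rewritten in rsyslog's RainerScript action syntax together with the receiver-side UDP listener the message says must be configured, as an added example that is not part of the original e-mails. It assumes rsyslog v7 or later on both hosts (where `& ~` is deprecated in favour of `stop`); the file names in the comments are hypothetical.

```rsyslog
# --- Sender (the TSM server), e.g. /etc/rsyslog.d/10-dsmserv.conf (hypothetical name).
# Must be read before the rule that writes the messages file, as the thread notes.
if $programname == 'dsmserv' and not ($msg contains 'REPORTING_ADMIN') and not ($msg contains 'ANR8592I') then {
    # Legacy line 1: keep a local copy (rotate this file with logrotate).
    action(type="omfile" file="/var/log/dsmserv.log")
    # Legacy line 2 ("& @host"): forward over UDP to the default syslog port.
    action(type="omfwd" target="splunkserver.intranet" port="514" protocol="udp")
    # Legacy line 3 ("& ~"): stop processing so it never reaches the messages file.
    stop
}

# --- Receiver (splunkserver.intranet), e.g. /etc/rsyslog.d/10-udp-input.conf (hypothetical name).
# Accept syslog over UDP 514; received messages then fall through to the
# receiver's normal rules (for example its messages file, which Splunk monitors).
# Skip the module() line if the main configuration already loads imudp.
module(load="imudp")
input(type="imudp" port="514")
```

Running `rsyslogd -N1` on each host checks the configuration syntax before the service is restarted.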
