ADSM-L

[ADSM-L] Antwort: Re: [ADSM-L] Antwort: Re: [ADSM-L] syslog

2017-09-20 14:50:54
Subject: [ADSM-L] Antwort: Re: [ADSM-L] Antwort: Re: [ADSM-L] syslog
From: Rainer Holzinger <Rainer.Holzinger AT EMPALIS DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 20 Sep 2017 20:49:10 +0200
Hi Remco,

you're right, the severity inside TSM is not applied to the severity 
within SYSLOG.
If IBM would do so I would have one problem less to tackle with ;-)
Maybe time for an RFE ;-)

best regards,
Rainer



Von:    "Remco Post" <r.post AT PLCS DOT NL>
An:     ADSM-L AT VM.MARIST DOT EDU
Datum:  20.09.2017 20:40
Betreff:        Re: [ADSM-L] Antwort: Re: [ADSM-L] syslog
Gesendet von:   "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>



> On 20 Sep 2017, at 09:23, Rainer Holzinger 
<Rainer.Holzinger AT EMPALIS DOT COM> wrote:
> 
> Hi Remco,
> 
> I can confirm IBM's information.
> SYSLOG records are coming in via syslog facility 'user' and severity 
> 'info’.

Hi Rainer,

I’m now guessing all are of sev. info, not reflecting the severity within 
TSM… well, I guess there must always be something left to improve upon ;-)

Thanks.

> 

> Best regards,
> Rainer
> 
> 
> 
> Von:    "Remco Post" <remco.post AT GMAIL DOT COM>
> An:     ADSM-L AT VM.MARIST DOT EDU
> Datum:  19.09.2017 22:47
> Betreff:        Re: [ADSM-L] syslog
> Gesendet von:   "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
> 
> 
> 
> Hi all,
> 
> for those of us who are interested, I haven’t been able to confirm, but 
> IBM support told me the syslog facility is ’USER’, for better/easier 
> filtering.
> 
>> On 24 Aug 2017, at 17:35, Shawn Drew <shawndo AT GMAIL DOT COM> wrote:
>> 
>> Right, when trying to figure this out I tried all the local facilities 
> but couldn't find the TSM messages. I gave up on the facilities when I 
> found the rsync syntax.
>> 
>> On Aug 24, 2017, 3:48 AM -0400, Remco Post <r.post AT plcs DOT nl>, wrote:
>>> Hi Shawn,
>>> 
>>> great! thanks! This is really useful. I guess only IBM knows what 
> syslog facility is being used…
>>> 
>>> 
>>>> On 24 Aug 2017, at 02:29, Shawn Drew <shawndo AT GMAIL DOT COM> wrote:
>>>> 
>>>> I think this syntax is specific to rsyslog (which you probably have)
>>>> When you put it in the conf, make sure it is above the line for the
>>>> messages file
>>>> 
>>>> if $programname == 'dsmserv' and not ($msg contains 
'REPORTING_ADMIN')
>>>> and not ($msg contains 'ANR8592I') then /var/log/dsmserv.log
>>>> & @splunkserver.intranet
>>>> & ~
>>>> 
>>>> That is 3 lines, in case it wraps.
>>>> Line 1) I am filtering out messages that are created by a specific
>>>> data-collector service account (connects every 5 minutes) and a 
> specific
>>>> informational message. Make sure and setup logrotation for this log
>>>> Line 2) Duplicate the log msg previously described and also send it 
to
>>>> "splunkserver.intranet"
>>>> Line 3) Any log already filtered, do not include in any further 
> logging.
>>>> This prevents TSM logs from also showing up in the messages file but
>>>> needs to be before the messages line in the conf for this to work.
>>>> 
>>>> 
>>>> This sends the message using the standard syslog protocol to
>>>> "splunkserver.intranet". That server receives the message using the 
> its
>>>> own standard rsyslog installation (needs to be configured to receive
>>>> syslog) Then splunk will monitor the messages file and load it into 
> the
>>>> index. You can then use splunk filters if you want to move it to a
>>>> separate index or whatever. I have all the TSM/DataDomain stuff going
>>>> into an isolated index. I think splunk can be configured to receive
>>>> syslog messages directly but we don't do it that way (I don't run the
>>>> splunk server)
>>>> 
>>>> 
>>>> 
>>>> On 8/23/2017 3:56 PM, Remco Post wrote:
>>>>> Tell me more, please. I'm quite sure that there is Splunk in my 
> future as well, can you share your syslog config?
>>>>> 
>>> 
>>> --
>>> 
>>> Met vriendelijke groeten/Kind Regards,
>>> 
>>> Remco Post
>>> r.post AT plcs DOT nl
>>> +31 6 248 21 622
> 
> 
> 
> --
> 
> Met vriendelijke groeten/Kind Regards,
> 
> Remco Post
> r.post AT plcs DOT nl
> +31 6 248 21 622
> 
> 
> 
> 

-- 

 Met vriendelijke groeten/Kind Regards,

Remco Post
r.post AT plcs DOT nl
+31 6 248 21 622




<Prev in Thread] Current Thread [Next in Thread>

ADSM.ORG Privacy and Data Security by KimLaw, PLLC