Configuring the
Syslog Adapter

Syslog Adapter configuration and script files describes the files that you need to use when configuring the
Syslog Adapter
. If you edit any of these files, you must use the
sm_edit
utility. The utility will save the local copies to the appropriate
VMware Smart Assurance
subdirectories under the
BASEDIR
/smarts/local directory. “The sm_edit utility” on page 43 provides more information.
Syslog Adapter
configuration and script files
Directory under
BASEDIR
/
Filename
User editable
Description
smarts/rules/icoi-syslog/
my_hook_syslog.asl
Yes
Basic template for processing a syslog file.
smarts/rules/icoi-syslog/
syslog_mgr.asl
Yes
Rule set for parsing each syslog message.
The
Syslog Adapter
creates events by parsing the contents of syslog files. You can use it to parse the contents of any text file with entries of the format:
month day time hostName applicationName [process_id]:text_message
If the format of your syslog file is different from the above format, you can edit my_hook_syslog.asl and syslog_mgr.asl to parse the entries accordingly.
The
Syslog Adapter
can parse the contents of a file and it can tail a file. When the
Syslog Adapter
tails a file, it skips the existing content and uses only content added to the file while the adapter is running.
The process_id parameter is optional when parsing the contents of syslog files.
The
Adapter Platform
includes a basic template for processing a syslog file. This file is
BASEDIR
/smarts/rules/icoi-syslog/my_hook_syslog.asl.
After ensuring that the
Adapter Platform
Server and the
Global Manager
are up and running, complete the following procedures to configure the
Syslog Adapter
:
  1. Check the location of the Syslog file to be sure it is appropriately placed for your operating system.
  2. Change the parameters in the local copy of my_hook_syslog.asl to match your needs.
  3. Start the
    Syslog Adapter
    .