Configuring the Syslog Adapter
Syslog Adapter
Syslog Adapter configuration and script files describes the
files that you need to use when configuring the
Syslog Adapter
. If you
edit any of these files, you must use the sm_edit
utility. The utility will save the local copies to the appropriate VMware Smart Assurance
subdirectories under the BASEDIR
/smarts/local directory. “The sm_edit utility” on page 43 provides more information.Directory under BASEDIR / | Filename | User editable | Description |
|---|---|---|---|
smarts/rules/icoi-syslog/ | my_hook_syslog.asl | Yes | Basic template for processing a syslog file. |
smarts/rules/icoi-syslog/ | syslog_mgr.asl | Yes | Rule set for parsing each syslog message. |
The
Syslog Adapter
creates events by parsing the contents of syslog files. You can use it to parse the contents of any text file with entries of the format:month day time hostName applicationName [process_id]:text_message
If the format of your syslog file is different from the above format, you can edit my_hook_syslog.asl and syslog_mgr.asl to parse the entries accordingly.
The
Syslog Adapter
can parse the contents of a file and it can tail a file. When the Syslog Adapter
tails a file, it skips the existing content
and uses only content added to the file while the adapter is running.The process_id parameter is optional when parsing the contents of syslog files.
The
Adapter Platform
includes a basic template for processing a syslog file. This file is BASEDIR
/smarts/rules/icoi-syslog/my_hook_syslog.asl. After ensuring
that the
Adapter Platform
Server and the Global Manager
are up and running, complete the following procedures to configure the Syslog Adapter
:- Check the location of the Syslog file to be sure it is appropriately placed for your operating system.
- Change the parameters in the local copy of my_hook_syslog.asl to match your needs.
- Start theSyslog Adapter.