05-01-2007 08:47 AM
I have setup LMS2.5.1 to send emails upon reception of certain syslog messages.
For every message received, an email is triggered. If there is a faulty device, thousands of emails are triggered for the same message.
Is Cisco by any chance going to implement message correlation in a future CiscoWorks release, so that syslog message filters manage the received messages more intelligently, and that one's mailbox will not be flooded by thousands of emails for the same message?
Thanks
05-01-2007 09:09 AM
This is not currently planned. However, by using the script Automated Action instead of the email, you could code your own correlation engine to reduce the flood of messages. Newer versions of IOS also offer the ability to manipulate syslog messages directly on the device using rate limiting and the Embedded Syslog Manager.
See http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a8516.html for more on the Embedded Syslog Manager.
05-01-2007 02:33 PM
has anyone coded already a correlation engine you can recommend as a starting point?
05-01-2007 02:41 PM
I have not heard of any AA scripts to do message correlation. Hopefully, if any one has written such a script, they would participate in this forum, and be willing to share.
As a basic starting point, you could do simple message counting. Keep a cache file of devices, messages, the message count, and the start time of your "roll-up" window. That way, you would only get one of each message from each device in the desired window.
05-01-2007 04:39 PM
I went ahead and coded my simply counting example. Attached is the AA script and the .sh and .bat wrappers for Solaris and Windows. You will need to modify some of the values in msg_rollup.pl as well as install the sampleEmailScript.pl into NMSROOT/bin (note: this is the same sampleEmailScript.pl that shipped with LMS 2.2).
This should give you a good starting point. Of course, these files are distributed as is with no support. The msg_rollup.pl script is BSD-licensed.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide