[opennms-discuss] syslog-ng / Splunk / OpenNMS
Lee Quince
2006-11-13 22:33:57 UTC
Any ideas on the best way to integrate all these???

Currently we have

Syslog-NG collecting syslogs and piping them into Splunk.. And OpenNMS
monitoring and providing performance stats...

Now if only I could get the events (syslog) into OpenNMS as well..? Is
there a way for me to point SysLog to OpenNMS and integrate Splunk or
configure SysLog-NG to relay/forward to OpenNMS? When I tried it before,
the syslogs only ever log as if they were coming from the SysLog-NG
machine....

Oh, before I forget, we are running ONMS 1.3.2 on Debian Etch..

Regards

Lee Quince
Managing Technical Director
iQunity Ltd
Undivided Attention
mobile: 07970 070 806
fax: 08703 835 661

Internet Email Confidentiality Notice:
This message contains confidential information. If you are not the
addressee indicated in this message, you may not copy or deliver it to
anyone.
In such case, you should destroy this message and kindly notify us by
reply email.
Dan Willis
2006-11-13 22:38:54 UTC
Lee,

I actually have the same exact question. Splunk seems to operate quite well
on its own but it really is easier to configure ONMS to receive log events.
I don't believe Splunk is set up with MIBs and such so configuration in
ONMS isn't straightforward.

My problem is two-fold: I am unable to find a proper logging solution that
handles both Windows machines and SUSE machines. I was pointed to a Windows
solution that pipes the logs in their entirety to a syslog solution on a
SUSE box, but figuring out performance requirements is a bit of a tussle.

If anyone is familiar with log analyzers and solutions, if you would be so
kind as to contact me outside of this list (since it's off the ONMS topic) I
would appreciate it.

Thanks,

Dan
johan edstrom
2006-11-13 23:08:28 UTC
Lee

What's in trunk handles BSD style cascading.
http://www.opennms.org/index.php/Syslogd

I think tools (with source) for Win32 Eventlog -> Syslog
are readily available, we use

https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/

_______________________________________________
Please read the OpenNMS Mailing List FAQ:
http://www.opennms.org/index.php/Mailing_List_FAQ

opennms-discuss mailing list

To *unsubscribe* or change your subscription options, see the bottom of this page:
https://lists.sourceforge.net/lists/listinfo/opennms-discuss
Dan Willis
2006-11-13 23:17:40 UTC
I knew there were additional reasons I wanted the trunk. :-)

In addition to event logs, what about web logs, or custom logs that may come
from various custom applications? Almost everything I see is made for web
logs OR event logs. I need a solution that will handle all types of
logs on both Linux and Windows machines. That Win32 eventlog -> syslog is
great for event logs but I am unable to find much for web logs (IIS) or
custom logs on servers and piping them into something like Swatch that ONMS
can in turn read (if you are using the trunk).

Ideas? Suggestions? Or is this too much off topic? If so I apologize in
advance.

Best Regards,

Dan Willis
Lee Quince
2006-11-14 12:08:15 UTC
The problem with this is that, as the message is relayed from syslog-NG, the
UDP source IP is then the queried and matched host... Hence every syslog
event is then seen as the syslog-NG server.

Two ways forward I can see

Allow the SyslogD to match the host,ip from the column in the UDP
string.. ie..

"Nov 14 03:24:39 10.91.254.251/10.129.250.10 Kiwi_Syslog_Daemon
l2tp,ppp,info,account ***@iqunity.net logged in, 10.65.251.239"

Or is there a way that Splunk can read the OpenNMS event and alert
log..??? And point the syslog on the node to OpenNMS (this is the least
favored way)

Regards

Lee
johan edstrom
2006-11-14 12:56:07 UTC
Oh I see, we would need a different greedy regexp.
That would capture the *last* in a row of IP/IP/IP - right?

It's really only a 3 liner I think.



Mike Huot
2006-11-14 12:57:41 UTC
You could use Event Translator to handle this as well.

Mike
johan edstrom
2006-11-14 12:58:46 UTC
Which is a smarter way I think.

Thanks Mike!

johan edstrom
2006-11-14 17:34:44 UTC
I guess this regexp would take care of
Syslog-NG?

Can somebody verify? (I don't use it)

"^.*/(\\d+\\.\\d+\\.\\d+\\.\\d+) (.*)"

I added an extra IP in the chain, hoping that is
how several layers of nesting would work?


start() = 0, end() = 269
group(0) = "Nov 14 03:24:Nov 14 03:24:39 10.1.1.1/10.91.254.251/10.129.250.10 Kiwi_Syslog_Daemon l2tp,ppp,info,account ***@iqunity.net logged in, 10.65.251.23939 10.91.254.251/10.129.250.10 Kiwi_Syslog_Daemon l2tp,ppp,info,account ***@iqunity.net logged in, 10.65.251.239"
group(1) = "10.129.250.10"
group(2) = "Kiwi_Syslog_Daemon l2tp,ppp,info,account khlleeds@

Kwok Windie (CDI)
2006-11-14 18:00:20 UTC
Permalink
Hello,



My system that makes use of OpenNMS is running with the following info:



Machine: Dell PowerEdge 1850 Server

Platform: RedHat Enterprise Linux Server Version 4.0, RHEL v-4.0

OpenNMS: Version 1.2.7-1

Net-SNMP: net-snmp-5.1.2



I have created my own MIB files, XXX-MIB.txt & YYY-MIB.txt, that need to
be integrated with SNMP agent.



In XXX-MIB.txt -

- the MODULE-IDENTITY, someModueName (different from MIB module
file name), is defined

- defines the YYY OBJECT IDENTIFIER



In YYY-MIB.txt -

- IMPORTS YYY from XXX-MIB



How can I integrate with SNMP agent (and /or OpenNMS) for it to
recognize my own newly defined *MIB* files?



When I do a snmpwalk :



snmpwalk -c public 157.254.xxx.yyy -v 2c .1.3.6.1.4.1.2863



where 2863 is under the enterprises (private .4 of the .1.3.6.1.4.1)
OBJECT IDENTIFIER of our organization defined in XXX-MIB.txt, I got the
following error:



SNMPv2-SMI::enterprises. 2863= No Such Object available on this agent at
this OID





I can only generate SNMP trap via OpenNMS 'after' I have SNMP agent
recognize my MIBs.







Windie
Lee Quince
2006-11-14 22:18:26 UTC
Permalink
The sent from host is the first IP address if you read from left to
right... The last IP was the one dished out when the vpn connected..
Each time syslog is relayed the address gets added 1/2/3/4/5 and so on..

-----Original Message-----
From: opennms-discuss-***@lists.sourceforge.net
[mailto:opennms-discuss-***@lists.sourceforge.net] On Behalf Of
johan edstrom
Sent: 14 November 2006 12:56
To: General OpenNMS Discussion
Subject: Re: [opennms-discuss] syslog-ng / Splunk / OpenNMS


Oh I see, we would need a different greedy regexp.
That would capture the *last* in a row of IP/IP/IP - right?

It's really only a 3 liner I think.




----- Original Message ----
From: Lee Quince <***@iqunity.com>
To: General OpenNMS Discussion
<opennms-***@lists.sourceforge.net>
Sent: Tuesday, November 14, 2006 7:08:15 AM
Subject: Re: [opennms-discuss] syslog-ng / Splunk / OpenNMS



The problem with this is as the message is relayed from
syslog-NG the UDP source IP is then the queried and matched host...
Hence every syslog event is then seen as the syslog-NG server.



Two ways forward I can see



Allow the SyslogD to match the host,ip from the column in
the UDP string.. ie..

"Nov 14 03:24:39 10.91.254.251/10.129.250.10 Kiwi_Syslog_Daemon
l2tp,ppp,info,account ***@iqunity.net logged in, 10.65.251.239"



Or is there a way that Splunk can read the OpenNMS event and
alert log..??? And Point the syslog on the node to OpenNMS (this is the
least favored way)



Regards



Lee


















________________________________


From: opennms-discuss-***@lists.sourceforge.net
[mailto:opennms-discuss-***@lists.sourceforge.net] On Behalf Of
johan edstrom
Sent: Monday, November 13, 2006 11:08 PM
To: General OpenNMS Discussion
Subject: Re: [opennms-discuss] syslog-ng / Splunk / OpenNMS



Lee

What's in trunk handles BSD style cascading.
http://www.opennms.org/index.php/Syslogd

I think tools (with source) for Win32 Eventlog -> Syslog
are readily available, we use


https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/

----- Original Message ----
From: Lee Quince < ***@iqunity.com >
To: opennms-***@lists.sourceforge.net
Sent: Monday, November 13, 2006 5:33:57 PM
Subject: [opennms-discuss] syslog-ng / Splunk / OpenNMS

Any ideas on the best way to integrate all these???



Currently we have



Syslog-NG collecting syslogs and piping them into Splunk.. And
OpenNMS monitoring and providing performance Stat's...



Now if only I could get the events (syslog) into OpenNMS as
well..? Is there a way for me to point SysLog to OpenNMS and Integrate
Splunk or Configure SysLog-NG to relay/forward to OpenNMS, when I tried
it before the SysLog's only ever log as if they were coming from the
SysLog-NG machine....



Ohh before I forget we are running ONMS 1.3.2 on Debian Etch..



Regards

Lee Quince
Managing Technical Director
iQunity Ltd
Undivided Attention
mobile: 07970 070 806
fax: 08703 835 661

Internet Email Confidentiality Notice:
This message contains confidential information. If you are not
the addressee indicated in this message, you may not copy or deliver it
to anyone.
In such case, you should destroy this message and kindly notify
us by reply email.




johan edstrom
2006-11-14 23:37:17 UTC
Permalink
So like this?

^.*:[\d]{1,2} ([\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3})/.*$

--- Starts to feel like this is perl :)



johan edstrom
2006-11-15 01:43:48 UTC
Permalink
Thinking of it - I guess this

([\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3})

Would find the first IP address - and would help
with both BSD and SyslogNG....



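Added example, not part of the thread and not OpenNMS code: a Python check of the two expressions johan posted (the anchored one and the bare first-IP one) against the sample line Lee quoted, beside a stricter parse that reads only the host field and validates every address in the chain. The header layout, the function names, the fallback address and the three extra log lines are assumptions constructed for illustration; taking the first address as the sender follows Lee's description of the relay chain.

```python
import ipaddress
import re

# The two expressions posted in the thread, unchanged.
THREAD_ANCHORED = re.compile(
    r"^.*:[\d]{1,2} ([\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3})/.*$")
THREAD_FIRST_IP = re.compile(
    r"([\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3})")

# Assumed header layout "Mmm dd hh:mm:ss HOSTFIELD message", as in the sample.
HEADER = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (\S+) (.*)$")

# Sample line quoted in the thread.
SAMPLE = ("Nov 14 03:24:39 10.91.254.251/10.129.250.10 Kiwi_Syslog_Daemon "
          "l2tp,ppp,info,account ***@iqunity.net logged in, 10.65.251.239")
# Constructed lines for the edge cases (not from the thread).
THREE_HOP = "Nov 14 03:24:40 10.0.0.1/10.0.0.2/10.0.0.3 sshd[411]: session opened"
HOSTNAME_LINE = "Nov 14 03:24:41 gateway1 ppp: peer 10.65.251.239 logged in"
BAD_OCTET = "Nov 14 03:24:42 10.300.1.1/10.0.0.2 test: hello"


def thread_anchored(line):
    """First expression: the address after the timestamp, only if a '/' follows."""
    m = THREAD_ANCHORED.match(line)
    return m.group(1) if m else None


def thread_first_ip(line):
    """Second expression: the first dotted quad anywhere in the line."""
    m = THREAD_FIRST_IP.search(line)
    return m.group(1) if m else None


def relay_chain(line):
    """Validated IPv4 chain from the host field, or [] if it is not one."""
    m = HEADER.match(line)
    if not m:
        return []
    chain = []
    for part in m.group(1).split("/"):
        try:
            chain.append(str(ipaddress.IPv4Address(part)))
        except ValueError:
            # Hostname, empty segment or out-of-range octet: reject the chain.
            return []
    return chain


def originating_host(line, udp_source):
    """Sender per the relay chain; fall back to the UDP source address."""
    chain = relay_chain(line)
    return chain[0] if chain else udp_source


if __name__ == "__main__":
    relay = "192.0.2.10"  # constructed address standing in for the relay
    for line in (SAMPLE, THREE_HOP, HOSTNAME_LINE, BAD_OCTET):
        print(line)
        print("  anchored regex :", thread_anchored(line))
        print("  first-IP regex :", thread_first_ip(line))
        print("  host-field parse:", originating_host(line, relay))
```

On the line whose host field is a name, the bare first-IP expression returns an address from the message body, so text a device merely logs would decide which node the event is attached to; reading only the host field and falling back to the UDP source avoids that.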
johan edstrom
2006-11-15 02:17:45 UTC
Permalink
Lee,

I hope you don't think I'm imposing, but attached is
a patch to Onms Syslogd I *think* is what you need.

Would you mind trying it?

/je

Lee Quince
2006-11-15 21:01:03 UTC
Permalink
Johan,

Would love to try it.. but how do I install the patch?

Regards

Lee

-----Original Message-----
From: opennms-discuss-***@lists.sourceforge.net
[mailto:opennms-discuss-***@lists.sourceforge.net] On Behalf Of
johan edstrom
Sent: 15 November 2006 02:18
To: General OpenNMS Discussion
Subject: Re: [opennms-discuss] syslog-ng / Splunk / OpenNMS


Lee,

I hope you don't think I'm imposing, but attached is
a patch to Onms Syslogd I *think* is what you need.

Would you mind trying it?

/je


----- Original Message ----
From: Lee Quince <***@iqunity.com>
To: General OpenNMS Discussion
<opennms-***@lists.sourceforge.net>
Sent: Tuesday, November 14, 2006 5:18:26 PM
Subject: Re: [opennms-discuss] syslog-ng / Splunk / OpenNMS


The sent from host is the first IP address if you ready from
left to right... The last IP was the one dished out when the vpn
connected.. Each time syslog is relayed the address gets added 1/2/3/4/5
and so on..

-----Original Message-----
From: opennms-discuss-***@lists.sourceforge.net
[mailto:opennms-discuss-***@lists.sourceforge.net] On Behalf Of
johan edstrom
Sent: 14 November 2006 12:56
To: General OpenNMS Discussion
Subject: Re: [opennms-discuss] syslog-ng / Splunk /
OpenNMS


Oh I see, we would need a different greedy regexp.
That would capture the *last* in a row of IP/IP/IP -
right?

It's really only a 3 liner I think.




----- Original Message ----
From: Lee Quince <***@iqunity.com>
To: General OpenNMS Discussion
<opennms-***@lists.sourceforge.net>
Sent: Tuesday, November 14, 2006 7:08:15 AM
Subject: Re: [opennms-discuss] syslog-ng / Splunk /
OpenNMS



The problem with this is as the message is relayed from
syslog-NG the UDP source IP is then the queried and matched host...
Hence every syslog event is then seen as the syslog-NG server.



Two ways forward I can see



Allow the SyslogD to match the host,ip from the column
in the in the UDP string.. ie..

"Nov 14 03:24:39 10.91.254.251/10.129.250.10
Kiwi_Syslog_Daemon l2tp,ppp,info,account ***@iqunity.net logged in,
10.65.251.239"



Or is there away that Splunk can read the OpenNMS event
and alert log..??? And Point the syslog on the node to OpenNMS (this is
the least favored way)



Regards



Lee


















________________________________


From: opennms-discuss-***@lists.sourceforge.net
[mailto:opennms-discuss-***@lists.sourceforge.net] On Behalf Of
johan edstrom
Sent: Monday, November 13, 2006 11:08 PM
To: General OpenNMS Discussion
Subject: Re: [opennms-discuss] syslog-ng / Splunk /
OpenNMS



Lee

What's in trunk handles BSD style cascading.
http://www.opennms.org/index.php/Syslogd

I think tools (with source) for Win32 Eventlog -> Syslog
are readily available, we use


https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/

----- Original Message ----
From: Lee Quince < ***@iqunity.com >
To: opennms-***@lists.sourceforge.net
Sent: Monday, November 13, 2006 5:33:57 PM
Subject: [opennms-discuss] syslog-ng / Splunk / OpenNMS

Any ideals on the best way to integrate all these???



Currently we have



Syslog-NG collecting syslogs and piping them into
Splunk.. And OpenNMS monitoring and providing performance Stat's...



Now if only I could get the events (syslog) into OpenNMS
as well..? Is there a way for me to point SysLog to OpenNMS and
Integrate Splunk or Configure SysLog-NG to relay/forward to OpenNMS,
when I tried it before the SysLog's only ever log as if they were coming
from the SysLog-NG machine....



Ohh before I forget we are running ONMS 1.3.2 on Debian
Etch..



Regards

Lee Quince
Managing Technical Director
iQunity Ltd
Undivided Attention
mobile: 07970 070 806
fax: 08703 835 661

_______________________________________________
Please read the OpenNMS Mailing List FAQ:
http://www.opennms.org/index.php/Mailing_List_FAQ

opennms-discuss mailing list

To *unsubscribe* or change your subscription options,
see the bottom of this page:

https://lists.sourceforge.net/lists/listinfo/opennms-discuss






johan edstrom
2006-11-15 21:45:09 UTC
Permalink
In the correct sourcecode directory

Something like patch -p1 < filename.patch

I'm not sure if this will match and actually started thinking along the
terms of moving the matcher to the syslogd-configuration.xml; that way
multiple regexps could be inserted.

/je


----- Original Message ----
From: Lee Quince <***@iqunity.com>
To: General OpenNMS Discussion <opennms-***@lists.sourceforge.net>
Sent: Wednesday, November 15, 2006 4:01:03 PM
Subject: Re: [opennms-discuss] syslog-ng / Splunk / OpenNMS




Johan,



Would love to try it.. but how do I install the patch?



Regards



Lee




-----Original Message-----
From: opennms-discuss-***@lists.sourceforge.net
[mailto:opennms-discuss-***@lists.sourceforge.net] On Behalf Of johan edstrom
Sent: 15 November 2006 02:18
To: General OpenNMS Discussion
Subject: Re: [opennms-discuss] syslog-ng / Splunk / OpenNMS




Lee,


I hope you don't think I'm imposing, but attached is a patch to
Onms Syslogd I *think* is what you need.

Would you mind trying it?

/je


----- Original Message ----
From: Lee Quince <***@iqunity.com>
To: General OpenNMS Discussion <opennms-***@lists.sourceforge.net>
Sent: Tuesday, November 14, 2006 5:18:26 PM
Subject: Re: [opennms-discuss] syslog-ng / Splunk / OpenNMS




The sent from host is the first IP address if you read from left to
right... The last IP was the one dished out when the vpn connected.. Each
time syslog is relayed the address gets added 1/2/3/4/5 and so on..




-----Original Message-----
From: opennms-discuss-***@lists.sourceforge.net
[mailto:opennms-discuss-***@lists.sourceforge.net] On Behalf Of johan edstrom
Sent: 14 November 2006 12:56
To: General OpenNMS Discussion
Subject: Re: [opennms-discuss] syslog-ng / Splunk / OpenNMS




Oh I see, we would need a different greedy regexp.
That would capture the *last* in a row of IP/IP/IP - right?

It's really only a 3 liner I think.




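The source-attribution problem discussed in this thread, as an added example (it is not the patch attached to the thread and not OpenNMS code): the relayed HOST chain is read from the header field only, and only when the datagram comes from a known relay, since that field is set by whoever sends the message. The relay address 192.0.2.10, the function names and the reason strings are assumptions; the sample line is the one quoted in the thread.

```python
import ipaddress
import re

# Constructed address standing in for the syslog-ng relay (assumption).
TRUSTED_RELAYS = {ipaddress.ip_address("192.0.2.10")}

# The line quoted in the thread, as the relay would forward it.
SAMPLE = ("Nov 14 03:24:39 10.91.254.251/10.129.250.10 Kiwi_Syslog_Daemon "
          "l2tp,ppp,info,account ***@iqunity.net logged in, 10.65.251.239")

# Anchor on the header: optional <PRI>, BSD timestamp, then the HOST field.
# Matching only this field keeps addresses in the message text (the VPN
# address at the end of SAMPLE) out of the attribution decision.
HEADER = re.compile(
    r"^(?:<\d{1,3}>)?[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (?P<chain>\S+) ")


def parse_chain(payload):
    """Return the HOST field's slash-separated hops as IP objects, or None."""
    m = HEADER.match(payload)
    if not m:
        return None
    try:
        return [ipaddress.ip_address(h) for h in m.group("chain").split("/")]
    except ValueError:
        return None  # hostname or garbage in the chain: do not guess


def attribute_source(udp_source, payload, origin="first"):
    """Pick the node an event belongs to; returns (address, reason)."""
    src = ipaddress.ip_address(udp_source)
    # The HOST field is sender-controlled, so honour it only from known relays.
    if src not in TRUSTED_RELAYS:
        return str(src), "udp-source"
    hops = parse_chain(payload)
    if not hops:
        return str(src), "relay-unparsed"
    # The thread puts the sending host first in the chain; "last" is the
    # alternative reading raised in the discussion.
    chosen = hops[0] if origin == "first" else hops[-1]
    return str(chosen), "relayed-header"
```

Events that come back as "relay-unparsed" are worth counting separately, because they are the ones still being attributed to the relay itself.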
