FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
tskandamis
Staff
Article Id 244052
Description

This article describes how to troubleshoot a parser when the Parser Test succeeds but live events are still not parsed by that parser, and how to review the eventFormatRecognizer when the Test itself assigns the event to another parser or to none.

Scope
Parsers.
Solution

- Review the Parsers documentation:
Parsers Documentation.

 

- If the Parser Test is successful, but live logs are still not parsed by the parser:


1) Ensure that the parser is enabled at Admin -> Device Support -> Parsers tab. A parser that passes the Test but is disabled is never applied to incoming events.


2) At the Admin -> Device Support -> Parsers tab, select the Apply button. Parser edits are not used by the running system until they have been applied.


3) If after following steps 1 and 2 the logs are still not parsed, restart phParser from the CLI on the Supervisor and on every Collector that receives the events (a Collector that still runs the old parser set will keep sending unparsed events):


killall -9 phParser

Confirm that phParser is running again on each node before re-sending test events.

 

- If, during the Test, the events are not recognized by the parser and are instead recognized by another parser or by no parser at all, review the parser's eventFormatRecognizer: it is the regular expression that decides whether an event is handed to this parser, so it must match the target events and should key on a field that is specific to them. Example:

 

For this log:

 

2011-04-14 02:03:59 0.0.0.0(via UDP: [192.168.20.214]:45440) TRAP2, SNMP v2c, community public         . Cold Start Trap (0) Uptime: 0:00:00.00               DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (30) 0:00:00.30                SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.903.8.0.1              SNMPv2-SMI::enterprises.903.1.9.2.1.2 = INTEGER: 2         SNMPv2-SMI::enterprises.903.1.9.2.1.3 = Hex-STRING: 07 DB 03 01 11 0F 38 00 2B 00 00 00    SNMPv2-SMI::enterprises.903.1.9.2.1.4 = INTEGER: 4       SNMPv2-SMI::enterprises.903.1.9.2.1.5 = INTEGER: 1         SNMPv2-SMI::enterprises.903.1.9.2.1.6 = STRING: "Power Down: System is Halting "             SNMPv2-SMI::enterprises.903.1.1.9 = INTEGER: 1              SNMPv2-SMI::enterprises.903.1.9.2.1.1 = INTEGER: 13
the eventFormatRecognizer is anchored on the trap OID (snmpTrapOID.0), which is specific to this event type, with \b on both sides so that it does not also match longer OIDs such as enterprises.903.8.0.11:
<eventFormatRecognizer><![CDATA[\bSNMPv2-SMI::enterprises\.903\.8\.0\.1\b]]></eventFormatRecognizer>
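The following is an added example, not code from the article or from FortiSIEM. It reproduces the recognition step outside the product so the two failure modes above can be seen directly: an event claimed by no parser, and an event claimed by an earlier, broader parser. The sample trap is the article's log with its padding whitespace collapsed; the sibling trap, the syslog line, the parser names and the "broad" recognizer are constructed for the example. It assumes FortiSIEM semantics of "first matching eventFormatRecognizer, in parser order, wins"; the article does not state this, so treat it as an assumption.

```python
import re
from typing import Optional

# Sample SNMP trap taken from the article, padding whitespace collapsed.
ARTICLE_EVENT = (
    '2011-04-14 02:03:59 0.0.0.0(via UDP: [192.168.20.214]:45440) TRAP2, SNMP v2c, '
    'community public . Cold Start Trap (0) Uptime: 0:00:00.00 '
    'DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (30) 0:00:00.30 '
    'SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.903.8.0.1 '
    'SNMPv2-SMI::enterprises.903.1.9.2.1.6 = STRING: "Power Down: System is Halting "'
)

# Constructed: same enterprise, different trap OID (.903.8.0.12), so the
# article's recognizer must NOT match it (the trailing \b does that work).
SIBLING_TRAP_EVENT = ARTICLE_EVENT.replace(
    "enterprises.903.8.0.1 ", "enterprises.903.8.0.12 ")

# Constructed: an unrelated syslog event.
SYSLOG_EVENT = ("<134>Apr 14 02:03:59 host sshd[123]: "
                "Accepted publickey for admin from 192.168.20.214")

# The recognizer from the article.
ARTICLE_RECOGNIZER = r"\bSNMPv2-SMI::enterprises\.903\.8\.0\.1\b"
# Constructed, deliberately too broad: claims every trap from enterprise 903.
BROAD_RECOGNIZER = r"\bSNMPv2-SMI::enterprises\.903\."

# Hypothetical parser names; each entry is (name, eventFormatRecognizer).
PARSERS_OK = [
    ("Enterprise903PowerDownParser", ARTICLE_RECOGNIZER),
]
PARSERS_SHADOWED = [
    ("Enterprise903GenericTrapParser", BROAD_RECOGNIZER),   # evaluated first
    ("Enterprise903PowerDownParser", ARTICLE_RECOGNIZER),
]


def recognize(event: str, parsers: list) -> Optional[str]:
    """Return the first parser whose eventFormatRecognizer matches, else None
    (assumed first-match-in-order semantics)."""
    for name, recognizer in parsers:
        if re.search(recognizer, event):
            return name
    return None


def diagnose(event: str, expected: str, parsers: list) -> str:
    """Classify the outcome the way the article describes it: the expected
    parser got the event ("ok"), no parser did ("unrecognized"), or another
    parser claimed it first ("claimed_by:<name>")."""
    winner = recognize(event, parsers)
    if winner == expected:
        return "ok"
    if winner is None:
        return "unrecognized"
    return f"claimed_by:{winner}"


def trap_oid(event: str) -> Optional[str]:
    """Pull the snmpTrapOID.0 value out of a trap event; this is the field
    the article anchors its recognizer on."""
    m = re.search(r"snmpTrapOID\.0 = OID: (\S+)", event)
    return m.group(1) if m else None


if __name__ == "__main__":
    target = "Enterprise903PowerDownParser"
    print("trap OID:", trap_oid(ARTICLE_EVENT))
    for label, ev in [("article", ARTICLE_EVENT),
                      ("sibling", SIBLING_TRAP_EVENT),
                      ("syslog", SYSLOG_EVENT)]:
        print(f"{label:8} ok-order:       {diagnose(ev, target, PARSERS_OK)}")
        print(f"{label:8} shadowed-order: {diagnose(ev, target, PARSERS_SHADOWED)}")
```

When the article's recognizer is the only candidate, the article's trap is "ok" and both constructed events are "unrecognized", which is the correct outcome for a specific recognizer. When a broader recognizer sits earlier in the parser order, the same trap reports "claimed_by:Enterprise903GenericTrapParser": the Test shows another parser taking the event even though the target parser's regex is correct. In that case either narrow the earlier recognizer or reorder the parsers, rather than loosening the target recognizer.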

 

For further information about parsers and parser customization, there is a dedicated training:
Parsers Training