The SyslogView module is the log and events collector for activities on remote hosts. Log messages or Eventlog entries of a Microsoft server are collected with this tool and stored for later auditing or search.
A recent customer request was to make these incoming events more transparent for monitoring. What if the remote SAFED agent finds messages in the Windows Eventlog that belong to a certain ID and report a specific problem, such as the failure of a process or an unsuccessful login attempt? With the built-in Statistics tool of SyslogView it would be possible to generate reports for customizable event filters, but those schedules run daily and therefore not often enough to guarantee an immediate notification. Pushing such important messages into the NetEye MessageConsole could be a solution!
For this customer I therefore registered an application handler in the Syslog daemon of the NetEye server. This handler introduces basic logic to interpret a Syslog message of interest and forward its content in the desired manner to the MessageConsole, indicating:
With this approach it is possible to get an overview of all open “messages”, which can be handled in the way familiar to any NetEye user: “Acknowledge”, “Close”, or raise/lower the severity. According to the severity, the message is generated as a Nagios check and notified according to the Service Template settings.
The script is integrated in SyslogView version 2.0.12 of the latest NetEye 3.4 release.
Rsyslog 7.2 < is the basic requirement.
The script can be found at /var/lib/neteye/plugins/nesyslogview/scripts/rsyslog_generate_msg_msgconsole.sh
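
The handler logic described above, as an added sketch that is not the NetEye script itself: it reads events line by line, keeps only event IDs of interest, assigns a Nagios-style severity, and strips delimiter and control characters from the event text before passing it on. The tab-separated input layout, the ID-to-severity table, the function names and the pipe-delimited output line (standing in for the MessageConsole hand-off, whose interface is not described here) are all assumptions.

```shell
#!/bin/sh
# Added sketch, not the NetEye script. Assumed (constructed) input layout,
# one event per line, tab-separated: host, log name, event ID, text.
TAB=$(printf '\t')

# Map a Windows event ID to a severity; prints nothing if not of interest.
# Example table: 4625 = failed logon, 7034 = service terminated unexpectedly.
severity_for_id() {
    case "$1" in
        4625) echo WARNING ;;
        7034) echo CRITICAL ;;
        *)    : ;;
    esac
}

# Turn one event line into "SEVERITY|host|id|text", or print nothing.
classify_event() {
    # Event text is written by the remote host: drop control characters and
    # the output delimiter so a log entry cannot forge extra fields.
    line=$(printf '%s' "$1" | tr '|' ' ' | tr -cd '[:print:]\t')
    IFS="$TAB" read -r host logname id text <<EOF
$line
EOF
    case "$id" in ''|*[!0-9]*) return 0 ;; esac   # reject non-numeric IDs
    sev=$(severity_for_id "$id")
    [ -n "$sev" ] || return 0
    printf '%s|%s|%s|%s\n' "$sev" "$host" "$id" "$text"
}

# Process a stream of events, as a handler fed on stdin would.
handle_stream() {
    while IFS= read -r event; do
        classify_event "$event"
    done
    return 0
}

# Constructed sample events (not real log data).
sample_events() {
    printf 'srv01\tSecurity\t4625\tAn account failed to log on|user=bob\n'
    printf 'srv01\tSecurity\t4624\tAn account was successfully logged on\n'
    printf 'srv02\tSystem\t7034\tThe Spooler service terminated unexpectedly\n'
}

sample_events | handle_stream
```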