Hello all,

Storing the interface of the Cisco syslog message is important to group
events and alerts based on this msg.

I used:

Code:
--------------------
Record.prototype.customParse = function(e) {

  // Extract the interface number from the syslog msg: fa8/8 gi8, gi8.9, te8/8/8
  // Group 2 is the full interface name, group 3 the port number part.
  var intport = this.msg.match(/(on interface|interface|port|putting|[^i^ ]on) (\D+ ?(\d+|\.|\/|\d.*?))(:|,| )/i);
  if (intport != null) {
    var intface = intport[2];
    var prt1 = intport[3];
    e.TargetServiceName = intface;
    e.dxport = prt1;
  }
  e.ReporterHostID = this.severity;
  e.CustomerVar34 = this.severity;

  return true;
};
--------------------


1. [0-9] `Interface`
2. [10-31] `GigabitEthernet1/0/32`
3. [25-31] `1/0/32`
4. [31-32] `,`


This will parse:
"Interface GigabitEthernet1/0/32, changed state to up" etc
"BFD session to neighbor 10.x.x.x.x on interface Eth10/1 has been
created"
"Line protocol on Interface GigabitEthernet1/0/32, changed state to up"
etc.

Would be fine to have this coded in the next Connectors by NetIQ.

Torsten


--
tfechner
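
Added example (not part of the original post and not NetIQ connector code): a stand-alone Node.js harness that runs the regex from the post over the three quoted messages plus three constructed ones, so messages the pattern does not cover show up as UNPARSED before they reach correlation rules. The names extractInterface, coverage and SAMPLES are hypothetical.

```javascript
// Added example: stand-alone Node.js harness, not Sentinel Collector SDK code.
// The regex is copied unchanged from the post above.
const IFACE_RE = /(on interface|interface|port|putting|[^i^ ]on) (\D+ ?(\d+|\.|\/|\d.*?))(:|,| )/i;

// Mirrors the field mapping in customParse(); returns null when nothing matches.
function extractInterface(msg) {
  const m = IFACE_RE.exec(msg);
  if (m === null) return null;
  return { TargetServiceName: m[2], dxport: m[3] };
}

// The first three messages are quoted in the post; the rest are constructed.
const SAMPLES = [
  "Interface GigabitEthernet1/0/32, changed state to up",
  "BFD session to neighbor 10.x.x.x.x on interface Eth10/1 has been created",
  "Line protocol on Interface GigabitEthernet1/0/32, changed state to up",
  // Matched through the "putting" alternative.
  "bpduguard error detected on Gi0/1, putting Gi0/1 in err-disable state",
  // No interface in the message: must stay unparsed.
  "Configured from console by admin on vty0 (10.0.0.5)",
  // Interface is the last token: the regex needs a trailing ':', ',' or ' '.
  "Line protocol down on Interface GigabitEthernet0/1",
];

// Splits messages into parsed results and a list of misses to review.
function coverage(messages) {
  const parsed = [];
  const missed = [];
  for (const msg of messages) {
    const r = extractInterface(msg);
    if (r) parsed.push({ msg, ...r });
    else missed.push(msg);
  }
  return { parsed, missed };
}

const report = coverage(SAMPLES);
for (const p of report.parsed) console.log(`${p.TargetServiceName} (${p.dxport}) <- ${p.msg}`);
for (const m of report.missed) console.log(`UNPARSED <- ${m}`);
```

Events listed as UNPARSED carry no TargetServiceName, so any grouping or alerting keyed on the interface will not see them.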