Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-5843

syslogd split config not working using <import-file>

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.10.9
    • Fix Version/s: Backlog
    • Security Level: Default (Default Security Scheme)
    • Labels:
      None
    • Environment:
      Debian Squeeze x86_64 GNU/Linux

      Description

      Syslogd fails to match anything in the split config files using the <import-file>syslog/foobar.syslog.xml</import-file> type syntax.

      If I put a something that matches everything in an imported file like this:

              <ueiMatch>
                  <match type="regex" expression=".*"/>
                  <uei>uei.opennms.org/syslogd/foobar</uei>
              </ueiMatch>
      

      If fails to create events.
      The syslogd log file shows the correct host and message details etc, but always matches the DISCARD-MATCHING-MESSAGES events.

      If I put it in the main syslgd-configuration.xml file, it works as expected (events are created).

      Here are my files:

      ### syslogd-configuration.xml ###

      <?xml version="1.0"?>
      <syslogd-configuration>
          <configuration
                  syslog-port="10514"
                  new-suspect-on-message="false"
                  parser="org.opennms.netmgt.syslogd.CustomSyslogParser"
                  forwarding-regexp="^((.+?) (.*))\n?$"
                  matching-group-host="2"
                  matching-group-message="3"
                  discard-uei="DISCARD-MATCHING-MESSAGES"
                  />
      
          <!-- Custom Stuff -->
          <import-file>syslog/foobar.syslog.xml</import-file>
      
          <ueiList>
              <!-- Catch all to discard anything else -->
              <ueiMatch>
                  <match type="regex" expression=".*"/>
                  <uei>DISCARD-MATCHING-MESSAGES</uei>
              </ueiMatch>
          </ueiList>
      
          <!-- Use the following to remove a syslog message from the event-trail -->
          <hideMessage>
              <hideMatch>
                  <match type="substr" expression="SECRET"/>
              </hideMatch>
              <hideMatch>
                  <match type="regex" expression=".*(double|triple)secret.*"/>
              </hideMatch>
          </hideMessage>
      
      </syslogd-configuration>
      

      ### syslog/foobar.syslog.xml ###

      <?xml version="1.0"?>
      
      <syslogd-configuration-group>
          <ueiList>
      
              <ueiMatch>
                  <match type="regex" expression=".*"/>
                  <uei>uei.opennms.org/syslogd/foobar</uei>
              </ueiMatch>
      
          </ueiList>
      </syslogd-configuration-group>
      

      Please let me know if you require any further info.

      Cheers,
      Just

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              nysasounds@googlemail.com jcat
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated: