To send syslogs to Iris, they need to be sent as unauthorised to either the Iris DCE or the Iris poller using level local5 and above. The hostname of the device sending the logs must match the hostname within Iris so that events/alarms can be correctly generated.

 

Once logs are being sent to Iris, you will need to contact support and let us know which local level is being used and which log events you would like to have displayed in the front-end, along with their severity levels. If you prefer, we can display all log events in the front-end with the severity level of "INFO"; however, you will not be able to trigger alarms/notifications on these events.


To have certain events logged as Critical/Clear to generate alarm notifications, you will need to supply Iris Support with a list of log events and their severity levels you wish to generate alarms from. This is currently done via the Iris back-end by editing a file that contains the regex that we match on along with the severity level, the event state and the Event Message. An example of this file can be seen below.

 

Traps are processed in the same way as syslogs.

 

Example of syslog filters

# This is a list of syslog facilities (inetd) to be processed
# By default all "Critical" logs are sent through.
#severity levels
#6 => "Debug",
#5 => "Info",
#4 => "Warning",
#3 => "Error",
#2 => "Critical",
#1 => "Down",
#0 => "Emergency"
# Regex match  Severity  State  Deduplication  Message
 
# excludes vi interfaces from alarms
#%LINEPROTO-5-UPDOWN.*Virtual-Access.*  4  LOG
 
 
%LINEPROTO-5-UPDOWN.*up  5  CLEAR  Link Down
%LINEPROTO-5-UPDOWN.*down  2  ALARM  Link Down
 
%REP-SP-4-LINKSTATUS.*is\s+operational  5  CLEAR  REP Wrapped
%REP-SP-4-LINKSTATUS.*non-operational  2  ALARM  REP Wrapped
 
%ETHER_CFM-6-ENTER_AIS_INT  4  LOG
%ETHER_CFM-6-EXIT_AIS_INT  4  LOG
 
%OSPF-5-ADJCHG.*to\s+FULL  5  CLEAR  OSPF Adjacency down
%OSPF-5-ADJCHG.*to\s+DOWN  2  ALARM  OSPF Adjacency down
 
%BGP-5-ADJCHANGE.*Up  5  CLEAR  BGP Neighbor down
%BGP-5-ADJCHANGE.*Down\s+BGP.*  2  ALARM  BGP Neighbor down
 
#log random cisco levels
#%.*-6-.*  6  LOG
#%.*-5-.*  5  LOG
#%.*-4-.*  4  LOG
#%.*-3-.*  4  LOG
#%.*-2-.*  4  LOG
#%.*-1-.*  4  LOG
 
# log exim logs
#exim  4  LOG
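
Before sending a rule list to Iris Support, it can be checked locally. The following is an added example, not Iris code: it parses rules in the layout shown above, rejects bad regexes and unknown severities or states, reports ALARM messages that have no CLEAR rule, and classifies a log line. It assumes whitespace-separated fields, first-match-wins ordering, and that ALARM and CLEAR rows are paired by identical message text; the function names and sample rules are constructed for illustration.

```python
import re

# Constructed sample in the filter-file layout shown above (not a real Iris file).
SAMPLE_RULES = r"""
# Regex match  Severity  State  Message
%LINEPROTO-5-UPDOWN.*up  5  CLEAR  Link Down
%LINEPROTO-5-UPDOWN.*down  2  ALARM  Link Down
%OSPF-5-ADJCHG.*to\s+DOWN  2  ALARM  OSPF Adjacency down
%ETHER_CFM-6-ENTER_AIS_INT  4  LOG
"""
SEVERITIES = {6: "Debug", 5: "Info", 4: "Warning", 3: "Error",
              2: "Critical", 1: "Down", 0: "Emergency"}
STATES = {"ALARM", "CLEAR", "LOG"}

def parse_rules(text):
    """Return (rules, errors); a rule is (compiled regex, severity, state, message)."""
    rules, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Assumption: fields are whitespace separated and the regex holds no
        # literal whitespace (the rules on this page use \s+ instead).
        parts = line.split(None, 3)
        if len(parts) < 3 or not parts[1].isdecimal():
            errors.append(f"line {lineno}: expected regex, severity, state")
            continue
        sev, state = int(parts[1]), parts[2]
        if sev not in SEVERITIES or state not in STATES:
            errors.append(f"line {lineno}: unknown severity or state")
            continue
        try:
            regex = re.compile(parts[0])
        except re.error as exc:
            errors.append(f"line {lineno}: bad regex: {exc}")
            continue
        rules.append((regex, sev, state, parts[3] if len(parts) == 4 else ""))
    return rules, errors

def unclearable(rules):
    """ALARM messages that no CLEAR rule shares, so the alarm could never clear."""
    clears = {msg for _, _, state, msg in rules if state == "CLEAR"}
    return sorted({msg for _, _, state, msg in rules if state == "ALARM"} - clears)

def classify(rules, log_line):
    """Return (severity name, state, message) of the first matching rule, else None."""
    for regex, sev, state, msg in rules:
        if regex.search(log_line):
            return SEVERITIES[sev], state, msg
    return None
```

The patterns are unanchored, so `.*up` also matches a down event on an interface such as `Group-Async1`; matching on `to\s+up` and `to\s+down` avoids that overlap.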