DX NetOps

  • 1.  Filter out one specific syslog message

    Posted Sep 16, 2021 05:03 AM

    Hi world,

    We are getting alarms in Spectrum caused by syslog messages from the devices.



    Does anybody know if it is possible to filter out an expression containing "successfully"?

    For that we don't want an alarm, because the action succeeded.


    The event configuration is quite complicated as I see in Spectrum:

    Did any of you encounter this problem and find a way to resolve it?

    If yes, how: by configuring Spectrum or by configuring the Cisco devices?

    Thank you very much.
    Regards, Rudi



  • 2.  RE: Filter out one specific syslog message

    Broadcom Employee
    Posted Sep 16, 2021 07:07 AM
    Hi Rudi,

    You can use the following KB article as a guideline to add Syslog Trap Mapping to Spectrum:

    Adding Cisco Syslog Trap Mappings to Alarms
    https://knowledge.broadcom.com/external/article?articleId=195487

    By running the following snmptrap command line on a host with Net-SNMP agent you can generate the Syslog trap on demand:

    snmptrap -v 2c -c public 10.4.6.7:162 '' 1.3.6.1.4.1.9.9.41.2.0.1 1.3.6.1.4.1.9.9.41.1.2.3.1.2 s "SYS" 1.3.6.1.4.1.9.9.41.1.2.3.1.3 i 3 1.3.6.1.4.1.9.9.41.1.2.3.1.4 s "PRIVCFG_ENCRYPT" 1.3.6.1.4.1.9.9.41.1.2.3.1.5 s "Successfully encrypteed private config file" 1.3.6.1.6.3.18.1.3.0 a 10.5.4.1

    Where: 10.4.6.7 is the IP address of the SpectroSERVER machine and 10.5.4.1 is the IP address of the device

    The following events are generated with a Major alarm:

    1. Add the following line in the $SPECROOT/SS/CsVendor/Cisco_Router/Rtr.txt file:

    SYS 2 PRIVCFG_ENCRYPT 0xfff00000

    Note: 0xfff00000 is just an example. You can use any custom event code available.


    2. Add the following line in the $SPECROOT/SS/CsVendor/Cisco_Router/EventDisp file:

    0xfff00000 E 0


    3. Click on the "Update Event Configuration" button under the SpectroSERVER Control subview of the VNM model:

    4. Next time, that particular Syslog trap will not generate a Major alarm.


    I hope that helps.
    Thanks,
    Silvio
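
Steps 1 and 2 of the reply above as a repeatable script. This is an added example, not part of the original post and not Broadcom tooling. The function names are hypothetical, the sample files are constructed, and the check that refuses an event code already used by a different entry is an assumption about how the two files should be kept consistent.

```shell
#!/bin/sh
# Added example: idempotent version of steps 1 and 2 from the reply above.
# Function names are hypothetical; file names and line formats are the ones
# quoted in the post. Sample files below are constructed.

# append_once FILE LINE: add LINE unless present, keeping a .bak copy.
append_once() {
    file=$1; line=$2
    if grep -qxF -- "$line" "$file"; then return 0; fi
    cp -p "$file" "$file.bak" || return 1
    # Guard against a last line with no trailing newline.
    if [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
    printf '%s\n' "$line" >> "$file"
}

# add_syslog_mapping DIR FACILITY SEVERITY MNEMONIC EVENT_CODE
# Returns 2 if a file is missing, 3 if EVENT_CODE is already used elsewhere.
add_syslog_mapping() {
    dir=$1; map_line="$2 $3 $4 $5"; disp_line="$5 E 0"
    rtr="$dir/Rtr.txt"; disp="$dir/EventDisp"
    if [ ! -f "$rtr" ] || [ ! -f "$disp" ]; then
        echo "Rtr.txt or EventDisp not found in $dir" >&2; return 2
    fi
    # Assumption: an event code must not be reused by a different entry.
    if grep -iF -- "$5" "$rtr" | grep -qvxF -- "$map_line" ||
       grep -iF -- "$5" "$disp" | grep -qvxF -- "$disp_line"; then
        echo "event code $5 already in use" >&2; return 3
    fi
    append_once "$rtr" "$map_line" && append_once "$disp" "$disp_line"
}

# Demo on constructed copies; on a real server DIR would be
# $SPECROOT/SS/CsVendor/Cisco_Router.
demo() {
    d=$(mktemp -d) || return 1
    printf 'SYS 5 CONFIG_I 0xfff00001\n' > "$d/Rtr.txt"     # constructed
    printf '0xfff00001 E 0\n' > "$d/EventDisp"              # constructed
    add_syslog_mapping "$d" SYS 2 PRIVCFG_ENCRYPT 0xfff00000 || return 1
    cat "$d/Rtr.txt" "$d/EventDisp"
    rm -rf "$d"
}
demo
```

Step 3 from the reply (Update Event Configuration) is still required after the files change.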




  • 3.  RE: Filter out one specific syslog message

    Posted Sep 17, 2021 07:55 AM
    Hi Silvio,

    This sounds very good. We want to test it when we get the permission to do it.
    That was the information I hoped to receive.

    Thank you very much.
    Kind regards,
    Rudi