Team I know that the Nimsoft snmpgtw can send out traps for all alarms. Can the SYSLOG gateway send out SYSLOG events for all alarms somehow?
I would like to send all the alarm with all the detalis like assigned_to, assigned_by, assigned at, acknowledged_by, Acknowledged_at, accepted_by, accepted at, source, robot probe etc to a SYSLOG server.
The purpose is to have a software program called splunk co relate the nimsoft alerts to alerts form other systems we get. So splunk can read syslogs or anyu other method to get data. SNMP Traps beign elast preferred lol
There is an option to generate an alarm for every syslog message (Generate NimBUS Alarm) and then an option to relay all the original SYSLOG messages in the Remote Syslog Daemons text box.
I am not sure I follow sir, let me rephrase in a different manner.
I drew up the scenario. Basically the NAS gets alarms from all the probes and SYSLOG gateway generates alarms as a SYSLOG subject queue that the NAS picks up.
Now when the alerts are all in the NAS can it send out all alerts and syslog message generated alarms as a SYSLOG event out to a SYSLOG server?
The probe help says this about the sysloggtw probe:
The Nimsoft Syslog Gateway is capable of relaying or forwarding incoming syslog messages as well as Nimsoft messages to other syslog deamons.
There is a configuration option for the sysloggtw probe where you can enter remote syslog daemons. The probe help says this about that option:
Lists the Syslogd hosts to which relayed syslog messages of messages from the SYSLOG-OUT queue are sent.
When I start the probe, I can see it subscribes to the hub listening for messages with a subject of SYSLOG-OUT. Because the help mentions a SYSLOG-OUT queue, I suspect the probe tries to connect to a queue named SYSLOG-OUT first and then subscribes to messages with a subject of SYSLOG-OUT if no queue exists.
This should get you what you need. Now you just have to see how the outgoing syslog messages from alarms look and determine if they will meet your needs. If not, you can probably use a Lua script to format the messages and post them rather than letting the AO post them directly.
Let us know how this works for you and how it all interacts with Splunk.
Just a quick clarification, you will need to configure an AO profile with an action of repost to repost the incoming alarm with the subject SYSLOG-OUT so that the sysloggw picks them up.