Purpose: This page will explain how to add a new node vendor in the event the default settings are not handling the syslog traps properly.
For this discussion well use the term 'newVendor' to be the variable the represents the new vendor we want opEvents to handle.
Determine what facility level these syslog traps should be stampped with. The syslog server will key on this facility level in order to route the syslog trap to the proper file. If the device syslog is very similar to Cisco then you may want to simply use the local7 facility and the syslog traps will be sent to /usr/local/nmis8/logs/cisco.log. Configure the nodes in question to send syslog to NMIS at the proper facility level.
For example, you may choose local6 for the newVendor switch.
The syntax is vendor dependant.
Ensure the syslog server is provisioned to received traps (udp & tcp).
This configuration can be done on the /etc/syslog.conf file. If the /etc/rsyslog.conf file contains:
$IncludeConfig /etc/rsyslog.d/*.conf
Then it can be made on any file in rsyslog.d/ with the .conf extention.
# enable network sources module(load="imudp") input(type="imudp" port="514") module(load="imtcp" MaxSessions="1000" MaxListeners="50") input(type="imtcp" port="514" # and handle inbound/slave NMIS syslogs local7.* /usr/local/nmis8/logs/cisco.log local1.* /usr/local/nmis8/logs/slave_event.log
Typically facilities local0 through local7 are used for routing syslog from external nodes. For example local6 could be used:
# and handle inbound/slave NMIS syslogs local7.* /usr/local/nmis8/logs/cisco.log local6.* /usr/local/nmis8/logs/newVendor.log local1.* /usr/local/nmis8/logs/slave_event.log
Provision syslog trap routing based on facility (restart syslogd)
modify EventParserRules.nmis to interpret events.
Tell opEvents to interpret that file. (restart opeventsd)
Identify GUI interesting events (EventActions.nmis)