Hello,
in our SCOM is activated the nworks ESX Host Syslog: Error Alert and we have a lot of alerts.
Is there a events collection for these alerts, so we can analyse them in a Report?
thanks
Bruno
-
Bruno Varini
- Influencer
- Posts: 16
- Liked: never
- Joined: Jan 26, 2010 1:06 pm
- Full Name: Bruno Varini
- Contact:
-
Alec King
- VP, Product Management
- Posts: 1495
- Liked: 382 times
- Joined: Jan 01, 2006 1:01 am
- Contact:
Re: too much Syslog alerts
Hi Bruno,
Apologies for the delay in answering - we had a problem with our forum, I was not notified of new posts
Anyway - it is true that Syslog can be very verbose. It's not very user-friendly! I would recommend you only use Syslog if there is something there that is not available with other (better) methods - such as our default of the VMware vCenter API.
The Syslog Error rule has no filtering on it (by design) - so it will fire for every Syslog message with a severity of 'Error' (and above - Critical/Emergency etc)
So you don't need an event report - an Alert report (filtered for ESX Hosts/nworks Syslog alerts) will show you all the alerts, there will be one alert per event. The Ops Mgr generic report library 'Alerts' report would work fine.
Again - I'd recommend you review your use of Syslog. Probably any problem shown by a message in Syslog, also comes through the vCenter API. Syslog was traditionally used for hardware monitoring, but since nworks v4.0 we have also supplied hardware data via the vCenter API, without needing Syslog.
The vCenter API messages are usually much better formed, better targeted, more human-readable, and so more valuable, than Syslog.
Cheers,
Alec
Apologies for the delay in answering - we had a problem with our forum, I was not notified of new posts
Anyway - it is true that Syslog can be very verbose. It's not very user-friendly! I would recommend you only use Syslog if there is something there that is not available with other (better) methods - such as our default of the VMware vCenter API.
The Syslog Error rule has no filtering on it (by design) - so it will fire for every Syslog message with a severity of 'Error' (and above - Critical/Emergency etc)
So you don't need an event report - an Alert report (filtered for ESX Hosts/nworks Syslog alerts) will show you all the alerts, there will be one alert per event. The Ops Mgr generic report library 'Alerts' report would work fine.
Again - I'd recommend you review your use of Syslog. Probably any problem shown by a message in Syslog, also comes through the vCenter API. Syslog was traditionally used for hardware monitoring, but since nworks v4.0 we have also supplied hardware data via the vCenter API, without needing Syslog.
The vCenter API messages are usually much better formed, better targeted, more human-readable, and so more valuable, than Syslog.
Cheers,
Alec
Alec King
Vice President, Product Management
Veeam Software
Vice President, Product Management
Veeam Software
Who is online
Users browsing this forum: No registered users and 5 guests