Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
971
Views
0
Helpful
4
Replies

Filter syslogs in a Custom report LMS 4.2

Keith Miller
Level 1
Level 1

‎03-18-2013 06:46 AM

Hello all,

I would like to create custom reports using the Report Designer (Reports -> Report Designer -> Syslog) and filter certain syslogs from being seen when I run the report like permitted ACL entries, 802.1x successful authentications. It seems like there is only the option of displaying what you want to see, not what you don't want to see. Anyone ever done this?

Regards,

Keith

Labels:
0 Helpful
4 Replies 4

Nael Mohammad
Level 5
Level 5

‎03-18-2013 03:05 PM

The only thing I can think of since that option is not present is to use filters:

Step 1 Select Admin > Network > Notification and Action Settings > Syslog Message Filters.

A dialog box with a list of filters, appears in the Message Filter page.

Step 2 Specify whether the filter should be a dropped or kept, by selecting either Drop or Keep.

•If you select Drop, the Common Syslog Collector drops the Syslogs that match any of the Drop filters from further processing.

•If you select Keep, Collector allows only the Syslogs that match any of the Keep filters, for further processing.

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.2/user/guide/admin/useNotif.html#wp1074837

You would then define the message filters you dont want such as the ones you mentioned as "drop" so they are not included in the report or syslog.

0 Helpful

Keith Miller
Level 1
Level 1
In response to Nael Mohammad

‎03-19-2013 04:49 AM

Thanks for the reply Nael and that's exactly what I was hoping to avoid. I don't want to drop any of the syslogs. I would like Cisco Prime to receive all syslogs and be able to see what I want to see by using custom reports. If there's no way, I'll accept that but I do recall in LMS3.2 (Cisco Works), there was a way to use regular expressions to filter certain items. Of course, I don't remember the syntax used and if it's even possible in Cisco Prime because documentation doesn't talk about it.

Regards,

Keith

0 Helpful

Nael Mohammad
Level 5
Level 5
In response to Keith Miller

‎03-19-2013 12:19 PM

It appears to be the case since its only list what you want to see using the "Syslog Types" to define the message. You can be more granular and include the facility, sub-facility, severity, mnemonic, and the description of the expected messages you want in the report.

0 Helpful

Keith Miller
Level 1
Level 1
In response to Nael Mohammad

‎03-19-2013 01:24 PM

Unfortunately, I want to only get rid of a few syslogs entries and show the rest so it is not feasible to do it that way. Thanks though!

Regards,

Keith

0 Helpful
Customers Also Viewed These Support Documents