Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
662
Views
0
Helpful
1
Replies

Syslog Reporting - PI 3.1

BRANDON PORTER
Level 1
Level 1

‎06-21-2017 06:54 AM

We have our 800+ managed devices sysloging to our PI 3.1 server and utilize the Syslog Viewer - Historic Syslogs with the "Syslogs in the last 24 hours" filter to look for emerging issues and/or patterns across our enterprise. 

We were longtime users of Ciscoworks LMS 4.2 and were able to generate a daily syslog report job that would run every night at midnight and e-mail the list of filtered syslog events to our team for review each morning.

While I don't see that feature available in PI 3.1 currently, is there a way to generate a "scheduled" syslog report in PI or a way to generate and save a filter in the Syslog Viewer module to be able to filter out syslog messages by mnemonic or facility that we don't want to see?

Just wondering if anyone has figured out a workaround or if that pretty handy feature might be in the works. Looks like I might be able to build a "user defined" filter in Syslog Viewer and then apply that to the Syslogs in the last 24 hours which would be the manual version of the scheduled report.

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-21-2017 07:21 AM

Yes - you can do the filter as you mentioned. I've used that to good effect with several customers.

Unfortunately you don't have the ability to run scheduled reports like we could with LMS. I and others have complaiend bitterly to cisco at various forums about this feature gap to no avail.

They seem to have been more engaged in building in things like iWAN and ZTP support which almost nobody uses (except - I suspect - maybe a few VIP customers).

PI 3.2 is due out any day - though I wouldn't hold my breath expecting it to fix 5 years of feature gap.

Personally I would recommend several other Syslog products before PI - the paid Kiwi syslog server from SolarWinds is noce. I've also heard good things about Graylog and ELK though some assembly may be required. :)

https://medium.com/jetruby/log-management-graylog-vs-elk-fc93428e0f66

https://www.reddit.com/r/devops/comments/50wf7b/whether_to_use_graylog_vs_elk_stack/

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card