02-13-2014 10:56 AM
Syslog patterns detection
Trying to prevent change detection from occuring when certain users make a change. The change comes in from syslog.
We’ve tried modifying “Syslog Patterns to Ignore” to ignore the syslog event.
This is the string: “ %SYS-5-CONFIG_I: Configured from console by NACUser-ACL”
We tried using “Users to Ignore for Change Detection” the user is
Does “Syslog Patterns to Ignore” search the syslog message for any value in the message or is valid REGEX expression required?
02-13-2014 12:06 PM
The user "NACUser-ACL" is the one that you are trying to filter out? If that is the correct spelling of the user, it should filter if you add it to "Users to Ignore for Chagne Detection".
Yes, the patterns defined are text and they are searched for through the whole syslog message. However, regex is allowed as well, as you can see when looking at the default patterns in the Change Detection section of Administrative Settings.
If this doesn't give you what you need, then I would suggest going to Admin/Troubleshooting and setting "external/syslog" to trace and then making a test change on the device.
I would give it some time, or if you see a snapshot, then download troubleshooting with 4 wrapper files and Administrative settings checked.
Then we can look at the logs and see how the syslog message is formatted.
Online outReach Resource
The views and opinions expressed in my contributions are my own and do not necessarily reflect the views and strategy of HP
If you find that this or any other post resolves your issue, please be sure to mark it as an accepted solution.
If you are satisfied with anyone’s response please remember to give them a KUDOS by clicking on the STAR at the bottom left of the post and show your appreciation.