1. Cartridge Packs
  2. Configuring the Syslog Collection Cartridge Pack

15 Configuring the Syslog Collection Cartridge Pack

This document describes how to configure the nodes included in the Oracle Communications Offline Mediation Controller Syslog Collection Cartridge Pack.

Topics in this document:

About the Syslog Collection Cartridge Pack

The Syslog Collection Cartridge Pack collects syslog files from multiple devices.

Configuring the Syslog CC Node

To configure the Syslog CC S CC node, you configure standard parameters, include file management and FTP connection configurations.

Syslog Rotation On AIX 5.3

The file /etc/syslog.conf contains information used by syslogd and the syslog daemon process, to forward a system message to appropriate log files or users or both. Since AIX has no logrotate daemon running, you must adapt syslogd to do the syslog rotation. The format would be

Syntax: <selector> <action> <rotate_info>

Example 1:

mail.debug /var/log/mail rotate size 100k files 4  # 4 files, 100kB each

Example 2: 

user.debug /var/log/user rotate files 12 time 1h # 12 files, hourly rotate

Rotation can be based on size or time or both.

Size: This keyword specifies that rotation is based on size. It is followed by a number and either a k (kilobytes) or m (megabytes).

Time: This keyword specifies that rotation is based on time. It is followed by a number and either a h(hour) or d(day) or w(week) or m(month) or y(year).

NAR Attributes and Error Scenarios

Table 15-1 details the Network Accounting Record (NAR) attributes, as well as potential error scenarios.

Table 15-1 Network Accounting Record Attributes and Potential Errors

NAR ID Type Value

facility

string
This field can be blank or contain any of the following values:
  • user
  • kern
  • mail
  • daemon
  • auth
  • lpr
  • news

messageId

string

This field can be blank or contain a numeric value.

filename

string

Input file name.

processName

string

This field can be blank or contain a string value such as sendmail or mountd.

processId

string

This field can be blank or contain a numeric value.

message

string

Syslog message.

date

string

The date as a string value in the format:

MMM d HH:mm:ss

For example: Dec 2 16:40:50

level

string
This field can be blank or contain any of the following values:
  • emerg
  • alert
  • crit
  • err
  • warning
  • notice
  • info
  • debug
  • none

host

string

This field can be an IP address or host name.

nar_errorFlag

integer

A flag that indicates whether any problems were detected while parsing the CDR (0 means that no problems were detected and 1 means that a problem was detected).

The following are potential error situations where the node will skip the record and create a log:

  1. If date field is not in the format MMM d HH:mm:ss.

  2. If the processId is not a valid numeric value.

  3. If there are any missing fields in the input data, such as date, host or message, for example.

The node will create a log with the following format:

Invalid Data, File data not as expected, Invalid syslog record in 'filename' file: 'syslog_record' This record cannot be processed

For example: 

Invalid Data, File data not as expected, Invalid syslog record in 'message3.complete' file: '09 26 05:26:36 servcomnetdb25 mountd[5436]: [ID 882487 daemon.error] unable to create nfsauth service' This record cannot be processed

Known Problems

The following are known problems for this cartridge pack:

  1. In the event of an FTP session failure, the CC node will attempt to re-establish the session every 5 seconds, instead of the configured FTP Interval value on the FTP Settings tab. The CC node will continue to attempt a re-connection until it successfully transfers the file. The CC node will generate a log message for each unsuccessful FTP attempt. If there is a problem with the network or the FTP server, you may want to stop the CC node, fix the problem, and then restart the CC node.

  2. When provisioning the local directory where the CC node is to collect files, if the specified directory does not exist, the CC node will raise a critical alarm and will not start.

  3. When configuring the prefix and suffix values for the CC node, non-alphanumeric characters, such as . and _ are supported but the # and / characters are not supported. Using these unsupported characters can result in the use of unexpected values when the data files are being renamed.