 | Prerequisites*
|
- Add (or uncomment) the following block in log4j.xml.
<appender name="SYSLOG" class="org.apache.log4j.net.SyslogAppender"> <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/> <param name="Facility" value="LOCAL7"/> <param name="FacilityPrinting" value="true"/> <param name="SyslogHost" value="localhost"/> <layout class="org.apache.log4j.PatternLayout"> <param name="ConversionPattern" value="%c{1}[%r]: %m%n"/> </layout> </appender> <category name="net.hyperic.hq.bizapp.server.action.log.SyslogAction"> <priority value="ERROR" /> <appender-ref ref="SYSLOG"/> </category>
- Execute the following SQL against the HQ database by using a browser to navigate to .
http://hqhost:hqport/admin/sql.jspEscalation Works
This step is not necessary if you only plan to use the syslog feature in Alert Escalation, which already presents the UI for syslog actions.
UPDATE EAM_CONFIG_PROPS SET PROPVALUE = 'true' WHERE PROPKEY = 'CAM_SYSLOG_ACTIONS_ENABLED';
- Restart HQ
After restart, there will be a new section on the alert definition page. You will be able to add 3 fields to the syslog section. These fields were added specifically for a customer with a Tivoli installation, so they may or may not make sense to you. They will affect the log message logged to syslog. The line logged when the alert fires will look like this:
SyslogAction[ALERT_ID]: DB_1 4 META_PROJECT/PROJECT/VERSION RESOURCE_NAME : ALERT_NAME - ALERT_CONDITION
ALERT_ID = a number representing the alert ID in HQ.
META_PROJECT = the string you enter as the "Meta Project" in the syslog configuration on the alertdef
PROJECT = the string you enter as the "Project" in the syslog configuration on the alertdef
VERSION = the string you enter as the "Version" in the syslog configuration on the alertdef
RESOURCE_NAME = the resource name in HQ
ALERT_NAME = the alert name for the alert that is firing
ALERT_CONDITION = the alert condition and current value - example "If Availability > 0.0 (actual value = 1)"