Send certain syslog messages to different syslog servers

We have had a security event where we have had to apply certain ACLs to block some traffic. Some of the blocked traffic is logged to syslog. We would like to send that log information to different syslog servers, depending on certain pattern matches.
syslog entries that match pattern xxx = export to syslog server A
syslog entries that match pattern yyy = export to syslog server B
Is this possible using something like tcl scripting and EEM?  If so, could someone share some guidance on how this might be accomplished?
TIA

Thanks, Joseph. You answered the question asked, but unfortunately I think that I did not phrase the question correctly.
Our match criteria will always be mutually exclusive, so it will never match both. Always one or the other.
Now that we have this working in its basic form, we want to take it a step further and do the following:
(working) Match criteria A, set Stream 10
(working) Match criteria B, set Stream 20
(working) Send stream 10 to syslog Host A
(working) Send stream 20 to syslog Host B
(NEW) Send stream 10 AND 20 to syslog Host C
Unless we have the syntax incorrect, it appears as though we can only send one stream to a given host. We can configure 'logging host SyslogC filtered stream 10'. But if we then configure 'logging host SyslogC filtered stream 20', it appears to overwrite the previous configuration, so that we only send Stream 20 to SyslogC, and not Stream 10.
Is it possible to send multiple streams to a single syslog host?
Thank you!
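
The "match criteria, set stream" step the thread describes, written as an Embedded Syslog Manager (ESM) filter module; this is an added example, not code from the thread, and the filter filename, collector addresses and the two ACL names in it are assumptions.

```tcl
# Added example (not from the thread): ESM filter module that assigns a stream
# number to ACL-deny messages by pattern. Assumed IOS config that loads it:
#   logging filter flash:route_acl_denies.tcl
#   logging host 192.0.2.10 filtered stream 10
#   logging host 192.0.2.20 filtered stream 20
# ESM runs this script once per message; ::orig_msg and ::mnemonic are ESM
# globals, and assigning ::stream selects which "filtered stream" host sees it.
# IOS ships Tcl 8.3, so string comparisons avoid the 8.4-only "eq" operator.

# Constructed placeholders for the thread's "pattern xxx" / "pattern yyy":
# the names of the two ACLs that were applied during the security event.
set acl_for_host_a "BLOCK_EVENT_A"
set acl_for_host_b "BLOCK_EVENT_B"

# Only ACL log messages (IPACCESSLOGP, IPACCESSLOGDP, ...) are rerouted;
# every other message keeps its default stream.
if { [string match "IPACCESSLOG*" $::mnemonic] } {
    # The ACL name appears as "list <name> denied ..." in the message body.
    if { [regexp -- "list $acl_for_host_a denied" $::orig_msg] } {
        set ::stream 10
    } elseif { [regexp -- "list $acl_for_host_b denied" $::orig_msg] } {
        set ::stream 20
    }
}

# Each message carries a single ::stream value, which is why a host configured
# with "filtered stream 20" never receives the stream-10 messages.
# Return the text unchanged; returning an empty string would drop the message.
return $::orig_msg
```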

Similar Messages

  • How to send the same message to two SMTP servers

    hi,
    I need to send a message to two different SMTP servers.
    I want to avoid the creation of new MimeMessage with a new Session.
    the only way I've found was to keep a reference to the Properties instance that was used in the Session creation, and modify its "mail.smtp.host" property.
    Is there another way? I must be missing something.
    thanks,
    ofer

    hi,
    I've already found the solution, so I'll post it here.
    first I'll explain the purpose:
    I needed to send the same message to a normal email server, and (for some of the recipients) to a special SMTP server that is on a different machine.
    The following code demonstrates the solution.
    thanks for your help.
    ofer
    ----------code---------------
    import java.util.Properties;
    import javax.mail.Message;
    import javax.mail.MessagingException;
    import javax.mail.Session;
    import javax.mail.Transport;
    import javax.mail.internet.InternetAddress;
    import javax.mail.internet.MimeMessage;

    public class MultipleSendTest {
        // one Session per SMTP host; the message itself is built only once
        private final static Session _server1 = createSession("somesmtp_server.com");
        private final static Session _server2 = createSession("another_smtp_server.com");

        public static void main(String args[]) throws Exception {
            // create the message
            MimeMessage m = new MimeMessage(_server1);
            m.setText("body text");
            m.addRecipients(Message.RecipientType.TO, "[email protected]");
            m.setFrom(new InternetAddress("[email protected]"));
            // send the same message through both sessions
            send(m, _server1);
            send(m, _server2);
        }

        private static void send(MimeMessage message, Session session) {
            // for logging only
            String host = session.getProperty("mail.smtp.host");
            try {
                Transport transport = session.getTransport("smtp");
                transport.connect();
                transport.sendMessage(message, message.getAllRecipients());
                System.out.println("sent to " + host);
                transport.close();
            } catch (MessagingException e) {
                System.out.println("failed to send to " + host);
            }
        }

        private static Session createSession(String host) {
            Properties properties = new Properties();
            properties.setProperty("mail.smtp.host", host);
            return Session.getInstance(properties);
        }
    }
    ----------code---------------

  • Can we send the same message to two different receivers with sequence

    Hi,
    I am sending the same message to two different receivers without using BPM.
    Now I need to send them in sequence. Is it possible without BPM?

    Hey
    There are two options for this
    First one is to use Wait step in BPM as other experts suggested.
    Second one is a dirty workaround: what you can do is send the second message to a dummy receiver first (maybe a file on your XI server), then design one bypass scenario which will pick up the file after a specified time interval (give the polling interval you want).
    I would go for BPM because it's pretty straightforward, but in case you want to avoid BPM then you can use the second approach.
    For the bypass scenario, have a look at the following:
    How to send any data (even binary) through XI, without using the Integration Repository

  • Send Syslog messages to multiple SYSLOG servers

    Hi,
    We have two syslog servers defined, however we notice that the ACS only sends the syslogs to one server and will only send to the other in a failure scenario, which is a standard operation across all platforms. However we have a requirement for the ACS to send syslogs to both servers simultaneously, is there a configuration option for this?
    Many Thanks
    Leon Noble

    You can do the following:
    1) Create a remote log target for your syslog server at
    System Administration >
    Configuration >
    Log Configuration >
    Remote Log Targets
    2) Configure the log categories that should be enabled to be sent to this log target.
    Go to
    System Administration >
    Configuration >
    Log Configuration >
    Logging Categories >
    Global. Select a specific category and then look at the "Remote Syslog Target" tab.
    For each category that you want sent to your syslog server, select the remote log target in the "Selected Targets" transfer box.
    Note that this configuration is hierarchical, so if you make the configuration for one log category it applies to all subtending categories. For example, if you configure "AAA Audit" then the configuration will apply to the passed and failed attempts categories.

  • B1iSN - sender and receiver message with different task

    Hi all,
    I have a question regarding the B1i.
    Is it possible for the receiver to have a different task than the sender?
    My scenario is:
    The user creates a Delivery note in company "a",
    The B1i creates an Invoice from that Delivery Note in company "b".
    now I want to update the Delivery note with the DocEntry of the created Invoice.
    I copied all other fields to my receiver message.
    My problem is that I want on the event of "Create Invoice" in company "b" to update a Delivery note in company "a".
    I tried doing in 2 ways:
    One is: in the xsl file I wrote the <QueryParams> element. Then I got this error: The business object already exists
    The second is without the <QueryParams>: a new Invoice was created (but I wanted the existing one to be updated).
    Is it possible to do this in the B1i? How?
    Thanks in advance!
    Chana

    Hi Chana,
    Did you configure the biu to "Update on Exist"? (Guide 03 Extensibility, section 2.14)
    You can have a look at the B1iSN 8.8 B12B1 Intercompany scenario in order to see how it is done (B1iSN 8.8 is already in GA). In that scenario the Subsidiary PO is updated with the number of the SO when the SO is created by B1iSN in the Headquarters.
    Regards,
    Trinidad.

  • As a pastor I often want to send e-mail messages to different groups within my church without the need to select each recipient each time.

    As a pastor I am interested in setting up several distinct lists of people to receive e-mail messages. Is that possible and if so how do I proceed?

    Firefox doesn't do email, it's a web browser.
    If you are using Firefox to access your mail, you are using "web-mail". You need to seek support from your service provider or a forum for that service.
    If your problem is with Mozilla Thunderbird, see this forum for support.
    http://www.mozillamessaging.com/en-US/support/
    or this one
    http://forums.mozillazine.org/viewforum.php?f=39

  • Syslog messages AP541

    Hi community,
    to find the reason for my connection problems to our network over an AP541N
    I have configured the AP541 to send its syslog messages to a syslog server.
    Now I am looking for a document where I can find information about the received messages.
    For example, what does this mean:
    hostapd: wlan0: IEEE 802.11 STA 78:a3:e4:3e:f7:19 deauthed from BSSID 00:21:29:03:18:40 reason 3
    or
    hostapd: wlan0: IEEE 802.11 STA 58:1f:aa:2c:96:4b disassociated from BSSID 00:21:29:03:18:40 reason 8
    Are there documents where the messages are explained?
    Regards
    Joachim

    Here is a document for cisco wireless access controller client reason codes:
    http://www.cisco.com/en/US/docs/wireless/controller/3.2/configuration/guide/c32err.html
    Client Reason Code   Description                       Meaning
    0                    noReasonCode                      Normal operation.
    1                    unspecifiedReason                 Client associated but no longer authorized.
    2                    previousAuthNotValid              Client associated but not authorized.
    3                    deauthenticationLeaving           The access point went offline, deauthenticating the client.
    4                    disassociationDueToInactivity     Client session timeout exceeded.
    5                    disassociationAPBusy              The access point is busy, performing load balancing, for example.
    6                    class2FrameFromNonAuthStation     Client attempted to transfer data before it was authenticated.
    7                    class2FrameFromNonAssStation      Client attempted to transfer data before it was associated.
    8                    disassociationStaHasLeft          Operating System moved the client to another access point using non-aggressive load balancing.
    9                    staReqAssociationWithoutAuth      Client not authorized yet, still attempting to associate with an access point.
    99                   missingReasonCode                 Client momentarily in an unknown state.

  • Analyzing Syslog Messages

    Hello All,
    I've configured my ASA to send its log messages to Unix syslog server, and I can show all the messages from the server with no issues.
    As the file is getting so big, it will be hard to analyze it manually. I'm looking for a log message analyzer which can give me at least some basic reports or statistics.
    Requesting your help on this!!
    Thanks,

    Hi All,
    I thought it is a good idea to share the workaround my colleague came up with for this problem. There is a file called syslog-entries.txt under /opt/CSCOpx/conf. He added all the entries we needed, like:
    local3.*     /var/log/syslog_info
    local5.*   /var/log/syslog_info
    the change was automatically reflected on syslog.conf
    Now we receive alerts from facilities 3 and 5 besides 7. Hope this helps anyone who runs into the same issue.

  • Cisco MARS Syslog messages

    Hi,
    I've recently noticed that ALL the syslog messages that are sent to our Cisco MARS device are then being sent to our syslog server. Besides the messages from our MARS device, the syslog server also gets the original syslog messages from our ASA and PIX firewalls (which, of course, also send to our MARS device). I would like to have MARS send syslog messages to the syslog server that pertain only to changes/events happening directly to the MARS device. Can anyone help me with this?
    Thanks in advance!

    Kerry;
      To have CS-MARS specific incidents forwarded to your syslog server, you will most likely want to add an action to generate a syslog for the CS-MARS-specific inspection rules. These rules can be found by navigating to:
    RULES>Inspection Rules
    from the Group: drop-down choose "System: CS-MARS Issues"
      You can then edit the Action: section for the specific rules (one at a time) to add a syslog action.  Specifics are outlined here:
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/alerts.html
    Scott

  • Unable to stop syslog messages

    I keep getting the following syslog messages to my syslog server from our CUPS:-
    "133161: Jul 10 2013 09:32:21.387 UTC : %UC_RTMT-2-RTMT_ALERT: %[Name=CriticalServiceDown][Detail= Service operational status is DOWN.<010>Cisco UP XCP Message Archiver,Cisco UP XCP XMPP Federation Connection Manager.<010>The alert is generated on Wed Jul 10 10:32:21 BST 2013 on node 10.210.1.30.][App ID=Cisco AMC Service][Cluster ID=][Node ID=VOIP-TDC-CUPS-PUB-030]: RTMT Alert"
    The Cisco UP XCP Message Archiver service and the Cisco UP XCP XMPP Federation Connection Manager service are both activated, but both stopped. I have tried turning off any kind of alarm and trace config for both services but nothing seems to make any difference!!
    Any ideas?
    thanks

    By "disabled", Ryan is referring to Service Activation. As long as the service is activated, it will attempt to start periodically. Both of these services require specific configuration before they will run.
    Please remember to rate helpful responses and identify helpful or correct answers.

  • Cisco EEM script to detect a sequence of SYSLOG messages

    Hi,
    I am trying to create an EEM "Port-knocking" script which should act upon an ordered sequence of SYSLOG messages. The SYSLOG messages are generated by some "deny tcp any any XXX log STRING" ACLs, applied to the outside interface. 
    Here is what I have already tried:
    ! <------- BEGIN ------->
    ip access-list extended INTERNET
    deny tcp any any eq 1234 log OPEN_SEQUENCE_A
    deny tcp any any eq 1235 log OPEN_SEQUENCE_B
    deny tcp any any eq 1236 log OPEN_SEQUENCE_C
    event manager environment 1ST_MATCH 0
    event manager environment 2ND_MATCH 0
    event manager applet ONE
    event syslog pattern "OPEN_SEQUENCE_A"
    action 1 set 1ST_MATCH "1"
    action 2 syslog msg "DETECTED SEQUENCE A!"
    event manager applet TWO
    event syslog pattern "OPEN_SEQUENCE_B"
    action 1 if $1ST_MATCH eq 1
    action 2 set 2ND_MATCH "1"
    action 3 syslog msg "DETECTED SEQUENCE B!"
    action 4 end
    event manager applet THREE
    event syslog pattern "OPEN_SEQUENCE_C"
    action 1 if $1ST_MATCH eq 1
    action 2 if $2ND_MATCH eq 1
    action 3 syslog msg "DETECTED SEQUENCE C!"
    action 4 syslog msg "PORT KNOCK SUCCESSFUL! UNLOCKING!..."
    action 5 end
    action 6 end
    ! <------- END ------->
    In the above I am somehow trying to "chain" the syslog events, yet I do not seem to be able to pass any information between the applets.
    Any comments are highly appreciated.
    Cheers,
    David

    EEM cannot detect syslog messages that it generates.  If you want to chain together events across multiple applets, use application-specific events.  For example:
    action 2 publish-event sub-system 798 type 1
    event application sub-system 798 type 1
    action 3 publish-event sub-system 798 type 2
    You can also pass up to four arguments as well if you need additional context.
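    The chaining the reply describes, written out as three applets; this is an added example, not configuration from the original post. Sub-system 798 and types 1/2 are the labels the reply uses; the applet names and the 60-second window are assumptions, and the multi-event `event tag` / `trigger` / `correlate` form (EEM 2.4 and later) is used so that each step only fires when its own ACL log line and the previous step's published event both occur within the window.

    ```cisco
    ! Added example (not from the original post): the three applets rewritten to
    ! pass state through application-specific events instead of applet-local
    ! variables, which are not shared between applets. The ACL log lines are
    ! still produced by the ACL, not by EEM, so "event syslog" still sees them.
    ! Caveat: ACL logging is rate-limited (first match logged immediately, then a
    ! periodic summary), so repeated hits on one entry do not each produce a line.
    event manager applet KNOCK_A
     event syslog pattern "OPEN_SEQUENCE_A"
     action 1 syslog msg "DETECTED SEQUENCE A!"
     ! tell the next applet that step A has happened
     action 2 publish-event sub-system 798 type 1
    !
    event manager applet KNOCK_B
     event tag from_a application sub-system 798 type 1
     event tag knock_b syslog pattern "OPEN_SEQUENCE_B"
     ! "and" only requires both events within 60 s; it does not enforce their order
     trigger occurs 1 period 60
      correlate event from_a and event knock_b
     action 1 syslog msg "DETECTED SEQUENCE B!"
     action 2 publish-event sub-system 798 type 2
    !
    event manager applet KNOCK_C
     event tag from_b application sub-system 798 type 2
     event tag knock_c syslog pattern "OPEN_SEQUENCE_C"
     trigger occurs 1 period 60
      correlate event from_b and event knock_c
     action 1 syslog msg "DETECTED SEQUENCE C!"
     action 2 syslog msg "PORT KNOCK SUCCESSFUL!"
    ```

    The reply's optional arguments (arg1 to arg4 on publish-event) are omitted here; they would carry extra context such as the matched log line into the consuming applet.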

  • Internal Messages To Different Users

    HI !!!
    I need to send an internal message to different users when I save an order in the standard transaction VA01. I already have the user exit; I only need the part for the message. Can somebody help me?
    Thanks & Regards

    Hi,
    Check these FMs:
    SO_OBJECT_SEND - FM to send the message to the SAP user's inbox.
    TH_POPUP - FM to send the message as a popup to the user.
    Thanks,
    Naren

  • ASA 5550 - Two different syslog servers

    Hi to all.
    In my Cisco ASA 5550, I need to set two different syslog servers, and I need to send the system logs to the first one (only admin login/logout), and the traffic logs and all the rest (informational level) to the second one. Do you know if it is possible or not and, if yes, how to configure it? All suggestions will be really appreciated. Thanks.

    Hello,
    While there is a limitation in the syslog server configurations, you could
    use other logging methods to collect specific information. While it is not
    very efficient method, if you are just concerned about login/logout messages
    for security audit purposes, you could use email logging. You can create a
    logging list and then send those messages to your email.
    Example:
    logging list mail message 111008
    logging list mail message 111004
    logging from-address
    You can do similar things by sending specific log events to SNMP server as
    well.
    Hope this helps.
    Regards,
    NT

  • Important! Can IDS 4.1x Send event messages to a syslog server??

    I know IDS Event Viewer and MC can pull the IDS events from IDS sensors and IDSM. But our company is thinking of collecting all the security messages in a syslog server. The firewall can send syslog to this server. But for IDS and IDSM 4.1, I can't find a way to send the IDS events to a syslog server. Is there any way to do that?
    I would really appreciate it if you can help me, thanks.

    Your comment is an easy statement to make, but IMHO unfair.
    If you look at the Cisco IDS/IPS product line's history, you'll realize that the current RDEP/SDEE communications model is infinitely more secure, while remaining easy to use, than any other method one could propose.
    Initially, the sensors pushed events to the centrally monitoring console via UDP (port 45000), with most of the data in the clear (the source and destination IP address were obfuscated). This is obviously not very safe because, even though the communications were pseudo connection-oriented due to checking by the application daemons at each end, it is possible to intercept and modify the IDS alert to inject false data.
    This same problem exists with stock syslog, since everything goes on the wire as a UDP packet and there is no data obfuscation or encryption whatsoever.
    The distinct advantage of the current communications model is the fact that RDEP/SDEE use cryptography to protect your IDS/IPS alerts, and that it also uses a standards-based structure in XML-based forms to pass the data.
    Finally, since Cisco has released an SDK for RDEP/SDEE, and many 3rd party vendors have software that can act as RDEP/SDEE clients, I disagree that you’re stuck with the CiscoWorks-based VMS suite. Besides, you only have to buy the suite if you need to manage more than 5 sensors, but I digress...
    Alex Arndt

  • Ability to send syslog events to multiple syslog servers - SA540

    Please add the ability to send syslog events to multiple syslog servers in the SA500 Series routers.  I know the functionality is currently in the RV220W because we utilized it.  It would be great if you could configure the syslog servers by event type as well.  For example, being able to send the kernel events to syslog server A, and all other events to syslog server B.
