Troubleshooting: Reviewing all incoming syslog data - Connect IT Community | Kaseya
<main> <article class="userContent"> <p><strong>PROBLEM:</strong></p> <p>By default, syslog data that is not matched by a rule is not displayed in the logs.</p> <p><strong>RESOLUTION:</strong></p> <p>The rules source file has a tag <code class="code codeInline" spellcheck="false" tabindex="0">&lt;logunmatched&gt;</code>. This needs to be set to true.</p> <p><strong>NOTE:</strong> When troubleshooting is completed, please ensure that <code class="code codeInline" spellcheck="false" tabindex="0">&lt;logunmatched&gt;</code> is set back to false.</p>
<p><strong>Details:</strong><br>* It is recommended that changes be made to the file in TRAVERSE_HOME\plugin\messages<br>* Check whether TRAVERSE_HOME\plugin\messages\00_src_syslogd_default.xml exists<br>* If it does not, copy TRAVERSE_HOME\etc\messages\syslog\00_src_syslogd_default.xml to TRAVERSE_HOME\plugin\messages\00_src_syslogd_default.xml, then make these changes to the copied file:<br>* Ensure that the syslog listener is set to 'enabled'</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">&lt;enabled&gt;true&lt;/enabled&gt;</pre> <p>* Change the entry</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">&lt;logunmatched&gt;false&lt;/logunmatched&gt;</pre> <p>to</p> <pre class="code codeBlock" spellcheck="false" tabindex="0">&lt;logunmatched&gt;true&lt;/logunmatched&gt;</pre>
<p>* Save the file<br>* Reload the configuration as indicated in <a rel="nofollow" href="https://kaseya.vanillacommunities.com/kb/articles/aliases/kaseya/hc/en-gb/articles/229044148-Deploying-a-new-message-rule-file">Deploying a new message rule file</a><br>* Issue new traps and review <code class="code codeInline" spellcheck="false" tabindex="0">&lt;Traverse_home&gt;logs/msgsvr/messages.log</code></p>
<p><strong>Rollback:</strong><br>Once troubleshooting is completed:</p> <p>* Edit TRAVERSE_HOME\plugin\messages\00_src_syslogd_default.xml<br>* Change the entry<br> &lt;logunmatched&gt;true&lt;/logunmatched&gt;<br> to<br> &lt;logunmatched&gt;false&lt;/logunmatched&gt;<br>* Save the file<br>* Reload the configuration as indicated in <a rel="nofollow" href="https://kaseya.vanillacommunities.com/kb/articles/aliases/kaseya/hc/en-gb/articles/229044148-Deploying-a-new-message-rule-file">Deploying a new message rule file</a><br>* Issue new traps and ensure rejected entries do not show in TRAVERSE_HOME\logs\msgsvr\messages.log<br>* If the file TRAVERSE_HOME\plugin\messages\00_src_syslogd_default.xml was created explicitly for this article, you may delete it. If it has other customizations, you may retain it.</p>
<p><strong>NOTE:</strong> This article applies to SNMP traps and Windows events as well. The corresponding src file must be used.<br>For traps, replace 00_src_syslogd_default.xml in all the paths above with 00_src_snmp_trap.xml<br>For Windows events, replace 00_src_syslogd_default.xml in all the paths above with 00_src_winevt_log.xml</p> <p><strong>APPLIES TO:</strong></p> <p>All versions of Traverse</p> </article> </main>
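<p>The copy-then-toggle steps and the rollback above can be scripted so the flag is never left on by accident; the following is an added example, not Kaseya's code. It assumes the source file holds exactly one &lt;logunmatched&gt; entry, uses a constructed sample file whose wrapper element is hypothetical, and does not perform the reload step.</p>

```python
import re
import shutil
import tempfile
from pathlib import Path

SRC_FILE = "00_src_syslogd_default.xml"  # file name given in the article

# Constructed sample: only the two elements come from the article; the
# <source> wrapper is an assumption so the demo has a file to edit.
SAMPLE = ("<source>\n  <enabled>true</enabled>\n"
          "  <logunmatched>false</logunmatched>\n</source>\n")

def _entry(name):
    # Matches <name>true|false</name>, tolerating whitespace around the value.
    return re.compile(rf"(<{name}>\s*)(true|false)(\s*</{name}>)", re.I)

def set_logunmatched(traverse_home, value, src_file=SRC_FILE):
    """Edit only the plugin copy; return the resulting state as a dict."""
    home = Path(traverse_home)
    plugin = home / "plugin" / "messages" / src_file
    created = not plugin.exists()
    if created:  # copy the shipped default rather than editing it in place
        plugin.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(home / "etc" / "messages" / "syslog" / src_file, plugin)
    text = plugin.read_text(encoding="utf-8")
    flag = "true" if value else "false"
    new_text, hits = _entry("logunmatched").subn(rf"\g<1>{flag}\g<3>", text)
    if hits != 1:  # refuse to guess when the file is not shaped as assumed
        raise ValueError(f"expected one <logunmatched> entry, found {hits}")
    if new_text != text:
        plugin.write_text(new_text, encoding="utf-8")
    enabled = _entry("enabled").search(new_text)
    return {"path": plugin, "created": created, "logunmatched": flag,
            "changed": new_text != text,
            "listener_enabled": bool(enabled)
                                and enabled.group(2).lower() == "true"}

def demo():
    """Enable, then roll back, against a throwaway TRAVERSE_HOME."""
    home = Path(tempfile.mkdtemp())
    default = home / "etc" / "messages" / "syslog" / SRC_FILE
    default.parent.mkdir(parents=True)
    default.write_text(SAMPLE, encoding="utf-8")
    on = set_logunmatched(home, True)    # troubleshooting
    off = set_logunmatched(home, False)  # rollback
    return on, off, default.read_text(encoding="utf-8"), \
        off["path"].read_text(encoding="utf-8")

if __name__ == "__main__":
    for state in demo()[:2]:
        print(state)
```

<p>The "created" value in the returned state records whether the plugin copy was made by this run, which is the condition the rollback section gives for deleting it afterwards.</p>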