2010-10-15

Kiwi Syslog Server: Changing the Rule Limit

32-bit machines:

Path:
HKEY_LOCAL_MACHINE\SOFTWARE\SolarWinds\Syslogd\Options
Value:
MaxRuleCount
Minimum:
10
Maximum:
999
Default:
100
Type: The Maximum number of rules allowable in Kiwi Syslog Server


64-bit machines:

On 64-bit Windows installations, Kiwi Syslog Server runs in WOW (Windows on Windows) 32-bit
emulated mode. In WOW mode, the SolarWinds registry hive resides in:
HKEY_LOCAL_MACHINE\Software\WOW6432Node, not in HKEY_LOCAL_MACHINE\Software
as it does on a native 32-bit Windows environment.

If you are running Kiwi Syslog Server on a native 64-bit Windows machine, please re-map all
registry settings from HKEY_LOCAL_MACHINE\Software\SolarWinds\... to:
HKEY_LOCAL_MACHINE\Software\WOW6432Node\SolarWinds\...


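Note: the default rule limit in Kiwi Syslog Server is 100. If you need more than 100 rules, you can change the default at the registry location listed above, but the vendor does not recommend doing so, because setting this value too high affects Kiwi Syslog Server's performance and sharply increases memory consumption. If your rule count is approaching the 100-rule limit, SolarWinds recommends looking for an alternative approach. For example, the File Logging AutoSplit feature is one workable alternative; see the description below: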

AutoSplit values

Using AutoSplit values can eliminate the need to use filters and actions to split incoming messages into multiple log files.

To use the AutoSplit values, place the cursor at the point you want to insert the new value and then click the "Insert AutoSplit value" link and choose from the menu items. The new variable will be placed at the current cursor position.

When a message is received, the variable will be replaced with a value from the message. For example %PriLevAA will be replaced with the message Priority level.

The AutoSplit values can be used anywhere within the path or log file name, as long as the result would make a valid file name.

Some examples:

To split the messages into separate files based on the day of the month.

C:\Logs\MyLogFile%DateD2.txt

The %DateD2 part would be replaced by the current day of the month. If it was the 23rd of the month, the message would be written to:
C:\Logs\MyLogFile23.txt

Any number of AutoSplit values can be used within the path or file name.

To split the messages based on priority level and current date, use:
C:\Logs\%PriLevAA\MyLogFile-%DateISO.txt

The resulting path and file name would look like this:
C:\Logs\Debug\MyLogFile-2002-04-09.txt

Or you could split the messages based on the sending host, then break each host into priority level:
C:\Logs\%HostName.%HostDomain\MyLogFile-%PriLevAA.txt

The resulting path and file name would look like this:
C:\Logs\myhost.mycompany.com\MyLogFile-Debug.txt

If you are using the Run Script action, you can use any of the VarCustom or VarGlobal fields as an autosplit item.

Rather than remembering the %variable names, just use the menu items to insert the values.
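
The substitution described above can be previewed offline before a template goes into a logging action, which is worth doing because the fields are filled from the received message. The following Python sketch is an added example, not SolarWinds code: `autosplit_values` and `expand` are hypothetical helpers, only a subset of the variables is modelled, and the level words other than those shown on this page are assumed spellings. It flags blank values and path components that would not be valid Windows file names.

```python
import re
from datetime import datetime

# "Debug", "Notice", "Info" and "Critical" appear on the page; the other level
# spellings are assumptions of this example.
LEVELS = ["Emerg", "Alert", "Critical", "Error", "Warning", "Notice", "Info", "Debug"]
INVALID = re.compile(r'[<>:"/\\|?*\x00-\x1f]')  # characters Windows rejects in a file name


def autosplit_values(pri, src_ip, fqdn, when):
    """Build the substitution table for one received message (constructed model)."""
    if not 0 <= pri <= 191:
        raise ValueError("syslog priority must be 0..191")
    facility, level = divmod(pri, 8)  # priority = facility * 8 + level
    octets = ["%03d" % int(o) for o in src_ip.split(".")]
    host, _, domain = fqdn.partition(".")
    return {
        "DateISO": when.strftime("%Y-%m-%d"), "DateD2": when.strftime("%d"),
        "TimeHH": when.strftime("%H"), "PriLevAA": LEVELS[level],
        "PriLev00": "%02d" % level, "PriFac00": "%02d" % facility,
        "Pri000": "%03d" % pri, "IPAdd4": ".".join(octets),
        "IPAdd3": ".".join(octets[:3]), "HostName": host, "HostDomain": domain,
        "HostDomRev": ".".join(reversed(domain.split("."))) if domain else "",
    }


def expand(template, values):
    """Expand %Name tokens and return (path, problems)."""
    problems = []
    # Longest names first so a short name never shadows a longer one.
    names = "|".join(sorted(map(re.escape, values), key=len, reverse=True))

    def substitute(match):
        value = values[match.group(1)]
        if value == "":
            problems.append("blank value for %" + match.group(1))
        return value

    path = re.sub("%(" + names + ")", substitute, template)
    for part in path.split("\\")[1:]:  # skip the drive ("C:")
        # Empty parts and parts ending in "." or " " are not usable names.
        if not part or INVALID.search(part) or part[-1] in ". ":
            problems.append("invalid path component %r" % part)
    return path, problems


if __name__ == "__main__":
    when = datetime(2002, 4, 9, 14, 59)  # constructed sample message metadata
    vals = autosplit_values(15, "192.168.1.24", "myhost.mycompany.com", when)
    print(expand(r"C:\Logs\%HostName.%HostDomain\MyLogFile-%PriLevAA.txt", vals))
    print(expand(r"C:\Logs\%HostName.%HostDomain\x.txt", dict(vals, HostDomain="")))
```
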

Here is a list of all the currently available AutoSplit values:

Date values

Menu name: ISO Date (YYYY-MM-DD)
Parameter: %DateISO
Explanation: International formatted date in the format YYYY-MM-DD. Leading zeros, always 10 characters in length.
Example: 2002-10-15

Menu name: Year (YYYY)
Parameter: %DateY4
Explanation: 4 digit year, always 4 characters in length.
Example: 2002

Menu name: Year (YY)
Parameter: %DateY2
Explanation: 2 digit year, always 2 characters in length.
Example: 02

Menu name: Month (MM) with leading zero
Parameter: %DateM2
Explanation: 2 digit month with leading zero, always 2 characters in length.
Example: 12

Menu name: Month (MMM) in English
Parameter: %DateM3
Explanation: 3 character month in English, always 3 characters in length. First letter is in upper case. (Jan, Feb, Mar, Apr…)
Example: Nov

Menu name: Date (DD) with leading zero
Parameter: %DateD2
Explanation: 2 digit day of the month with leading zero, always 2 characters in length.
Example: 05

Menu name: Day (DDD) in English
Parameter: %DateD3
Explanation: 3 character day of the week in English, always 3 characters in length. First letter is in upper case. (Sun, Mon, Tue…)
Example: Fri

Time values

Menu name: Hour (HH) with leading zero
Parameter: %TimeHH
Explanation: 2 digit hour, always 2 characters in length. 24 hour display. 3 p.m. = 15
Example: 14

Menu name: Minute (MM) with leading zero
Parameter: %TimeMM
Explanation: 2 digit minute, always 2 characters in length.
Example: 59

Menu name: AM/PM indicator (AM or PM)
Parameter: %TimeAMPM
Explanation: 2 character time of day indicator. Always 2 characters in length. 00:00 to 11:59 = AM. 12:00 to 23:59 = PM
Example: AM


Priority values

Menu name: Level (Alpha)
Parameter: %PriLevAA
Explanation: The message priority level as a word. Debug, Notice, Info…
Example: Critical

Menu name: Facility (Alpha)
Parameter: %PriFacAA
Explanation: The message priority facility as a word. Local1, News, Cron…
Example: User

Menu name: Level (2 digit numeric)
Parameter: %PriLev00
Explanation: The message priority level as a 2 digit number. 00 to 07
Example: 05

Menu name: Facility (2 digit numeric)
Parameter: %PriFac00
Explanation: The message priority facility as a 2 digit number. 00 to 23
Example: 23

Menu name: Priority (3 digit numeric)
Parameter: %Pri000
Explanation: The message priority as a 3 digit number. 000 to 191
Example: 016

IP Address values (Only in the registered version)

Menu name: IP Address (4 octets, zero padded)
Parameter: %IPAdd4
Explanation: The IP address of the device that sent the message. Each octet is zero padded. Always 15 characters in length
Example: 192.168.001.024

Menu name: IP Address (3 octets, zero padded)
Parameter: %IPAdd3
Explanation: The first 3 octets of the IP address of the device that sent the message. Each octet is zero padded. Always 11 characters in length.
Example: 192.168.001

Menu name: IP Address (2 octets, zero padded)
Parameter: %IPAdd2
Explanation: The first 2 octets of the IP address of the device that sent the message. Each octet is zero padded. Always 7 characters in length.
Example: 203.056


Host name values (Only in the registered version)

Menu name: Hostname (no domain)
Parameter: %HostName
Explanation: The host name of the device that sent the message. Just the host name, no domain name is included.
Example: sales-router

Menu name: Domain (no host)
Parameter: %HostDomain
Explanation: The domain name suffix of the device that sent the message. Just the domain name, no host name is included.
Example: mycompany.co.nz

Menu name: Reversed domain (no host)
Parameter: %HostDomRev
Explanation: The domain name suffix of the device that sent the message, in reverse order. Just the domain name, no host name is included.
Example: nz.co.mycompany


Message Text - WELF format (Only in the registered version)

WELF format is the WebTrends Extended Logging Format. This format is used by many firewalls, such as GNATBox, SonicWall, CyberWallPlus, NetScreen etc. Each field within the message text is prefixed with an identifying tag, such as fw= for the firewall name or src= for the source of the packet being logged. More fields will be added into the AutoSplit list later. Contact http://www.kiwisyslog.com/support/ if you need one added.

Menu name: Firewall name (WELF format)
Parameter: %TextFW
Explanation: The name of the firewall that created the message.
Example: protector

Menu name: Source address (WELF format)
Parameter: %TextSrc
Explanation: The source IP address of the packet being logged by the firewall. (Not zero padded, unless this has been done by the firewall already)
Example: 192.168.1.6

Menu name: Destination address (WELF format)
Parameter: %TextDst
Explanation: The destination IP address of the packet being logged by the firewall. (Not zero padded, unless this has been done by the firewall already)
Example: 203.57.12.1

Menu name: Protocol (WELF format)
Parameter: %TextProto
Explanation: The protocol of the packet being logged by the firewall.
Example: http


Input Source values (Only in the registered version)

Menu name: Input Source (UDP/TCP/SNMP)
Parameter: %InpSrc
Explanation: Identifies the input source of the message. (The listening method that received the message)
Example: UDP

Custom/Global script fields (Only in the registered version)

Menu name: VarCustom01 to VarCustom16
Parameter: %VarCustom01 to %VarCustom16
Explanation: There are 16 custom fields that can be modified by the Run Script action. If these fields have not been modified by the script, they will be blank. Be aware that a blank autosplit value may result in an invalid file name. The custom field values are cleared when a new message arrives. They are only valid for the current message. To store values longer than a single message, use VarGlobal fields.
Example: Any value that the script creates can be used.

Menu name: VarGlobal01 to VarGlobal16
Parameter: %VarGlobal01 to %VarGlobal16
Explanation: There are 16 global fields that can be modified by the Run Script action. If these fields have not been modified by the script, they will be blank. Be aware that a blank autosplit value may result in an invalid file name. The global fields retain their value between messages.
Example: Any value that the script creates can be used.


Vendor documentation:
http://www.kiwisyslog.com/help/syslog/index.html?rules_maximumrulecount.htm
