Configuring the IMS Syslog Listener

Written By Aaron Low (Administrator)

Updated at July 1st, 2022

Filtering incoming syslogs

The IMS Syslog receiver instance can be configured with a text blacklist and whitelist in order to reduce noise in the logs that are consumed and stored in the IMS database.

An example of a complete config:

{
    "config": {
        "log_text_blacklist": [
            r"%ILPOWER-[0-9]+-CONTROLLER_PORT_ERR",
            r"%ILPOWER-[0-9]+-POWER_GRANTED",
            r"%LINK-[0-9]+-UPDOWN",
        ],
        "log_text_whitelist": [
            r"MACFLAP_NOTIF"
        ]
        "offset": 8
    },
    "description": null,
    "enabled_data_types": {
        "ip_device": {}
    },
    "name": "Syslog receiver instance",
    "site_ids": [],
    "type_id": 52
}

The sections of importance are: config.log_text_blacklist and config.log_text_whitelist

Each row in these lists uses regex. There are many tutorials and tester programs on the internet:

Example tutorial: https://medium.com/factory-mind/regex-tutorial-a-simple-cheatsheet-by-examples-649dc1c3f285

Example tester: https://regex101.com/

In the case of a dual match, the whitelist will trump the blacklist.