Submit a ticketCall us

whitepaperYour VM Perplexities Called, and They Need You to Read This.

Virtualization can give you enormous flexibility with future workloads and can be a key enabler for other areas, like cloud computing and disaster recovery. So, how can you get a handle on the performance challenges in your virtual environment and manage deployments without erasing the potential upside? Learn the four key areas you need to be focusing on to help deliver a healthy and well-performing data center.

Get your free white paper.

Home > Success Center > Kiwi Syslog Server > Kiwi Syslog Server Documentation > Kiwi Syslog Server Administrator Guide > Scripting resources > Script examples

Script examples

If you want to add an action to run a script, use the examples in the following section to help you get started writing scripts. The \Scripts folder in the Kiwi Syslog Server installation directory also includes sample scripts that show you how to play sounds, send e-mail, log to file. and other actions.

If you have created a custom parsing script or something that would be useful to others, please share it with the SolarWinds user community.

The following examples are provided:

PIX message lookup

The function below checks the message for specific PIX message numbers and passes the explanation to a custom message field. The custom fields can then be used in a "Send e-mail" action.

The values used in this script are found on the Cisco website.

Run Script action setup

Common fields: Read=yes

Custom fields: Write=yes

Rules setup

Rules setup
	Rule: Lookup PIX msg
Filters
	Filter: Host IP address: Simple: Match PIX firewall address
Actions
	Action: Run Script: Lookup PIX msg
	Action: Send e-mail
		To: helpdesk@company.com:
		Subject: Problem with PIX
		Body: %MsgText
		Explanation: %VarCustom01
	Action to take: %VarCustom02
			
Rules
	Function Main()
	' Set the return value to OK
	Main = "OK"
	' By default, skip to the next rule, don't take the actions that follow
	' If we exit the function before we get to the end, the default 'skip to next rule'
	' will be used.
	Fields.ActionQuit = 100

	' Example of a PIX message
	' %PIX-4-209004: Invalid IP fragment...
	Dim M ' Message
	Dim E ' Explanation
	Dim A ' Action
	 
	' Copy message to local variable for speed
	M = Fields.VarCleanMessageText
	 
	' If message length is too short, exit function
	If Len(M) < 15 then exit function
	' Grab the first 15 chrs
	M = Left(M,15)
	 
	' Check the message is a valid PIX message
	If Mid(M,1,5) <> "%PIX-" then exit function
	 
	' Add any additional checks you want to perform here
	 
	' Grab the important part ("4-209004")
	M = Mid(M,6,8)
	E = ""
	A = ""
	' Now lookup the values and create an explanation and action for each match
	Select Case M

		Case "4-209004"
			E = "An IP fragment is malformed. The total size of the reassembled IP packet exceeds the maximum possible size of 65,535 bytes"
			A = "A possible intrusion event may be in progress. If this message persists, contact the remote peer's administrator or upstream provider."
		Case "2-106012"
			E = "This is a connection-related message. An IP packet was seen with IP options. Because IP options are considered a security risk, the packet was discarded."
			A = "A security breach was probably attempted. Check the local site for loose source or strict source routing."
 
			' Insert other values to lookup here
	End Select
 
	' Exit if we don't have any values to pass
	If len(E) = 0 then exit function
	If len(A) = 0 then exit function
 
	' Pass the Explanation and Action to take to the custom variables
	Fields.VarCustom01 = E
	Fields.VarCustom02 = A
 
	' Since we have a valid match, we want to execute the send e-mail action which follows.
	' Setting ActionQuit to 0 means we won't skip any actions.
	Fields.ActionQuit = 0
 
End function

All the variables - (Info function)

The function below shows all the available field variables. This function can be pasted into your script as a reference.

All the variables are remarks and will not be executed if the function is called.

Function Info()

' // Common fields
' VarFacility
' VarLevel
' VarInputSource
' VarPeerAddress
' VarPeerName
' VarPeerDomain
' VarCleanMessageText
 

' // Other fields

' VarDate
' VarTime
' VarMilliSeconds
' VarSocketPeerAddress
' VarPeerAddressHex
' VarPeerPort
' VarLocalAddress
' VarLocalPort
' VarPriority
' VarRawMessageText (Read only)
 
' // Custom fields
' VarCustom01 to VarCustom16
 
' // Inter-Script fields
' VarGlobal01 to VarGlobal16
' // Custom Stats fields
 
' VarStats01 to VarStats16
' // Control and timing fields
' ActionQuit
' 0=No skip, 1-99=skip next n actions within rule,
' 100=skip to next rule, 1000=stop processing message
'
' SecondsSinceMidnight
' SecondsSinceStartup
 
' // Functions and Actions
' IsValidIPAddress(IPAddress as string) as boolean
' ConvertIPtoHex(IPAddress as string) as string
' ActionPlaySound(SoundFilename as string, RepeatCount as long)
' RepeatCount 0=until cancelled, 1-100=repeat x times
' Soundfilename ""=system beep, "wav file name"=play wav file
 
' ActionSendEmail(MailTo as String, MailFrom as string, MailSubject as string, MailMessage as string
' Sends an e-mail message to the addresses specified in MailTo
 
End function
Last modified

Tags

Classifications

Public
Powered by MindTouch ®