Matt,
I'd begin by alerting on any of the following terms (taken from the
Troubleshooting section of the Install Guide) and then filtering the noise
from the relevant.
Terms: 'exception|unable|fail|invalid|leak|invalid|warn'
Regards,
Matty Courtney
CloudPlatform Implementation Engineer, Worldwi
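An added example, not part of the original thread: one way to run the term list from the message above over log text and separate reviewed noise from alert candidates. The log lines, logger names and the suppression pattern are constructed for illustration.

```python
import re
from collections import Counter

# Term list as given in the message above (the repeated 'invalid' is harmless
# in a regex alternation). Matching is case-insensitive and by substring.
TERMS = re.compile(r"exception|unable|fail|invalid|leak|invalid|warn", re.IGNORECASE)

# Hypothetical suppression list: hits that were reviewed and judged to be noise.
NOISE = [re.compile(r"failover check passed", re.IGNORECASE)]

# Constructed sample lines, not taken from a real management server log.
SAMPLE_LOG = """\
2012-10-18 11:02:01,101 INFO  [example.Stats] (Stats-1) collected host stats
2012-10-18 11:02:07,440 WARN  [example.Agent] (Agent-3) Unable to reach host 12
2012-10-18 11:02:09,013 INFO  [example.Monitor] (HA-1) failover check passed
2012-10-18 11:03:15,772 ERROR [example.Api] (http-7) Exception while executing command
2012-10-18 11:03:16,001 DEBUG [example.Auth] (http-8) invalid session key for user 5
"""

def triage(text):
    """Return (alerts, suppressed, term_counts) for a block of log text."""
    alerts, suppressed, counts = [], [], Counter()
    for line in text.splitlines():
        # Collect the distinct terms that occur anywhere in the line.
        hits = {m.group(0).lower() for m in TERMS.finditer(line)}
        if not hits:
            continue
        # A line that matches a reviewed noise pattern is kept aside, not alerted on.
        if any(p.search(line) for p in NOISE):
            suppressed.append(line)
            continue
        counts.update(hits)
        alerts.append((sorted(hits), line))
    return alerts, suppressed, counts

if __name__ == "__main__":
    alerts, suppressed, counts = triage(SAMPLE_LOG)
    for terms, line in alerts:
        print(",".join(terms), "|", line)
    print("suppressed:", len(suppressed), "term counts:", dict(counts))
```

Because the terms match as substrings, "fail" also fires on words such as "failover", which is why the suppression list is applied before counting.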
Caleb,
You're spot on. Trying to figure out the alerts and how to set them up.
Thanks,
Matt Mullins
CloudPlatform Implementation Engineer
Worldwide Cloud Services Citrix System, Inc.
+1 (407) 920-1107 Office/Cell Phone
matt.mull...@citrix.com
On 10/18/12 11:30 AM, "Caleb Call" wrote:
>
What exactly do you mean by log parsing? We have our logs going into Splunk,
which wasn't any different than adding any other log into Splunk. Do you mean
setting up alerts around the logs?
On Oct 17, 2012, at 11:39 AM, Mathias Mullins wrote:
> We are trying to setup Splunk to do log pars
Hi,
You could use syslog-ng on your management servers.
Set up a file source for syslog-ng (e.g.):
file("/var/log/managementserver.log" program_override("CS-Manager1: "));
Then set up a remote destination (e.g.):
destination d_tls {
tcp("splunk.myserver.com" port(516)
tls( ca_dir("/opt/sysl