Notifications

223 views

Description

Description


Many times, you may need to create Syslog probe script include to send logs to the on-premise syslog server via MID server as given below:

Send log messages from a ServiceNow instance to another machine

With this configurations, it will create an Output ECC queue and once we get the response it will create an ECC Input entry with state as Ready. But this Input ECC record never gets Processed and it remains in Ready state.

So, we may want to set them as processed or some kind of configuration like sending notifications etc. THis article describes how we can achieve this and you can edit the code as per the requirement.

Procedure


This is expected behavior. We are not processing these ECC from OOB. There are two options for this scenario:

  1. We can leave the ECC as it is and eventually these records will be truncated or purged as part of regular ECC Queue rotation (OOB 7 days).
  2. If we still want to process these records, we can write a business rule on the ecc_queue table and mark them as processed. Sample script looks below: 
(function executeRule(current, previous /*null when async*/) {

// Add your code here
var varAgent = current.agent;
gs.log("MID Server Logs been sent/grabbed successfully..\n MID Server - "
+ varAgent.split('.')[2]
+ " \n Type of Logs :"+current.name, 'MIDLogRetriever');
// Add custom script here based on your requirement. Like sending notifications etc..
current.state = 'processed';

})(current, previous);

 

Sample BR script is attached here Custom: Handle MID Logs Input ECC.

Note: Please note that this is a custom solution and it needs to be reviewed based on individual requirements especially the conditions in the BR and make sure it fits your requirements and won't break others. Also, test this in the sub-prod instance before you move this your PROD instance.

Applicable Versions


All versions.

Additional Information


Syslog probe

Article Information

Last Updated:2019-08-02 21:01:15
Published:2019-02-19