Trigger midserver logs

snowuser111
Kilo Guru

Hi experts,

I have a MID Server set up and also a business rule set to send the logs.

Is there anything I need to trigger or update so that logs start getting sent, apart from the BR written?

Not aware. Please help. My BR:

----------------------------------------------------------------------------------------------------

(function executeRule(current, previous /*null when async*/) {
    var sl = new Syslog('hostname', 'mid.server.midservername', 16);
    sl.log(current.message, 6);
})(current, previous);

----------------------------------------------------------------------------------------------------

9 REPLIES 9

dravvyramlochun
ServiceNow Employee

Hello snowuser11



Have a look at the following documentation: MID server integrations


Syslog probe

The ServiceNow Syslog probe uses the MID Server to deliver log messages from a ServiceNow instance to another machine, such as a dedicated log server, using the syslog protocol over an IP network.


How the Syslog Probe Works

The syslog probe is launched by a ServiceNow Script Include (called Syslog) that can be invoked from a business rule, event, or Orchestration activity and is launched by a MID Server. A syslog server or any server that can receive messages using the syslog protocol must be installed on the recipient (target) machine. Typically, a dedicated log server in the network is configured to receive all internal syslog messages. Some products that accept syslog messages are:


  • ArcSight
  • Splunk
  • LogLogic
  • syslog-ng

Example

The Acme Corporation wants to send a log message from their ServiceNow instance to an ArcSight syslog server inside their corporate firewall each time a user login fails. The system administrator uses the login.failed event to trigger a business rule that invokes the Syslog Script Include each time a login fails. Acme's MID Server checks the ECC Queue for work and picks up the syslog probe, which contains the log entry. The MID Server then sends the log message to the ArcSight server, which gathers log messages from all the machines in the internal network.



Code Sample

The following code sample, included in an event or a business rule, directly calls the Syslog Script Include and sends a syslog message to a designated syslog server:


var sl = new Syslog('syslog.service-now.com', 'mid.server.Eclipse', 16);
sl.log('This is a sample log message', 6);


This code does the following:


  • Sends the log message to facility 16
  • Sets the priority at 6 (informational)
  • Sends the message to the syslog.service-now.com syslog server
  • Launches the probe via the Eclipse MID Server
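
A way to check on the receiving host whether the MID Server's messages arrive with the facility and level set in the business rule. This is an added example, not code from the thread or from ServiceNow. It assumes the probe sends standard syslog datagrams over UDP that start with a `<PRI>` header; `parsePri`, `matchesRule`, `listen` and port 5514 are hypothetical names and values.

```javascript
// Added example: decode the syslog PRI header and compare it with the
// facility/level passed to the Syslog Script Include (16 and 6 on this page).
// Assumption: each datagram starts with a standard "<PRI>" header.

const SEVERITIES = ['emergency', 'alert', 'critical', 'error',
                    'warning', 'notice', 'informational', 'debug'];

// Parse "<PRI>rest" into facility, severity and the remaining text.
// Returns null for datagrams without a valid PRI header.
function parsePri(datagram) {
  const m = /^<(\d{1,3})>([\s\S]*)$/.exec(String(datagram));
  if (!m) return null;
  const pri = Number(m[1]);
  if (pri > 191) return null;          // 23 * 8 + 7 is the largest valid PRI
  return {
    pri,
    facility: pri >> 3,                // PRI = facility * 8 + severity
    severity: pri & 7,
    severityName: SEVERITIES[pri & 7],
    rest: m[2],
  };
}

// True when a datagram carries the facility/level the business rule set.
function matchesRule(datagram, facility, level) {
  const p = parsePri(datagram);
  return p !== null && p.facility === facility && p.severity === level;
}

// Diagnostic UDP listener for the target host; start it by hand with
// listen(5514). 5514 is a hypothetical unprivileged test port (assumption).
async function listen(port, facility = 16, level = 6) {
  const dgram = await import('node:dgram');
  const sock = dgram.createSocket('udp4');
  sock.on('message', (buf, rinfo) => {
    const text = buf.toString('utf8');
    const tag = matchesRule(text, facility, level) ? 'match' : 'other';
    console.log(`${rinfo.address}:${rinfo.port} [${tag}] ${text.trim()}`);
  });
  sock.bind(port);
  return sock;
}

// Constructed sample datagram: facility 16, level 6 gives PRI 134.
const SAMPLE = '<134>Jan  1 00:00:00 midhost This is a sample log message';
```

If the listener prints nothing while the business rule fires, the message is not reaching the target host at all, which separates a delivery problem from a filtering problem on the log server.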

Hi,

I have this BR written, but the logs are not received. The MID Server is up and running.

Do I need to trigger something other than the business rule? Not aware.


This response is not helpful in the least.  You forward a link to documentation that the user has clearly referenced if you take a look at their code.