Trigger midserver logs

snowuser111
Kilo Guru

‎12-19-2017 02:17 AM

Hi experts,

i have midserver setup and also business rule set to send the logs,

Is there anything i need to trigger or update so that logs start getting send apart from the BR written.

Not aware. Please help. My BR:

----------------------------------------------------------------------------------------------------

(function executeRule(current, previous /*null when async*/)

{

var sl = new Syslog('hostname', 'mid.server.midservername', 16);

sl.log(current.message, 6);

})

(current, previous);

----------------------------------------------------------------------------------------------------

0 Helpfuls
  • 2,006 Views
9 REPLIES 9

avleengrewal
Kilo Explorer

‎01-22-2018 12:31 AM

Hi snowuser11, Did you get any help for performing this task. If so, Kindly help as I have to do the same.


0 Helpfuls

kumarsatyam
Tera Expert

‎05-21-2018 04:47 AM

Hello @snowuser11,

 

If you got any help and successfully implemented then please help me as i have also to implement the same and don't know how to start the process.

 

in which table we have to put the BR so that we can call script include functions .

 

Thanks and regards,

 

Kumar Satyam

0 Helpfuls

Sameer14
Tera Contributor

‎09-17-2019 06:26 AM

Hi Everyone,

I also have same kind of requirement to send logs from ServiceNow to Splunk.

 

If anyone already achieve that requirement, kindly share the steps.

 

 

0 Helpfuls

Chris Williams1
Kilo Explorer
In response to Sameer14

‎09-23-2021 02:55 PM

Did anyone ever get his to work and if so how was it done?

0 Helpfuls

Marc Roy
Tera Guru
In response to Chris Williams1

‎08-03-2022 08:50 AM

I ran into challenges too.

The script is rather simple and works as expected. 

var sl = new Syslog('<FQDN OR IP address of the Syslog server>', 'mid.server.<midname>',6);
//If you want to pass the details of the sysevent.LIST record to the log message you can reference event.parm1 and event.parm2.

sl.log('This is a sample log message', 6);

 

What I missed was that my MID sever paired to my PDI wasn't Validated, as a result the messages were showing in the ECC Queue, but understandably not being processed by the MID. As soon as the MID was validated it started processing the triggered events and I started receiving the logs as expected. 

I tested with SyslogWatcher and Syslog-NG. 

This thread was also useful in testing the trigger in a manual fashion. 

https://community.servicenow.com/community?id=community_question&sys_id=bc1d4aaedb5f63005d782183ca96196d

0 Helpfuls