The Syslog action will send a summary description of a monitor's findings as a Syslog event. You can configure the action to send the
log event to any server/device on the network that is listening for syslog events.
You can indicate just a hostname or IP address, in which case port 514 will be used. Or you can use a hostname:port or IP address:port format to target a different port.
You configure which syslog facility should be used when sending the log event, as well as the severity that should be used.
Multiple Syslog Actions could be set up to send different logs to different Syslog servers. Some monitors could then use one Syslog Action, and
other monitors could send alerts through a different Syslog Action.
The Syslog Action has a few options to control the output of the message, and the message content will also be affected by the source monitor sending the message. In some cases it
will be easiest to try it and see what the message looks like in your particular scenario.
- Send alert text
With this option chosen the alert text is sent, the same as you might see in an email message.
- Send alert row variables
Row variables depend on which monitor is sending the alert. The bottom of the Expansion Variables page lists the possible variables and their meaning. Row variables will
be concatenated together, with each field separated by a pipe | character.
Each of the fields will be emitted even if there is no value in the field. Each row variable line ends with a newline (\r\n).
- Send text as a single line
With this option checked, all new lines (\n and \r characters) are stripped from the output.