Unsolved
1 Rookie
•
2 Posts
0
2063
January 19th, 2022 06:00
Syslog format for Dell OS10 Switch
Good day!
I've got a pair of S4128F-ON Dell switches running OS10-Enterprise 10.4.2.2. They are syslogging to Solarwinds SEM but SEM doesn't have a "connector" that knows the format of these logs. I have a ticket opened with them to create one but they'd like something from Dell stating the standard format of the log message for them to build the regex parser off of. Anyone know where this is documented by chance?
Thanks!


DELL-Josh Cr
Moderator
•
9.6K Posts
•
42.2K Points
0
January 19th, 2022 11:00
Hi,
Page 975 of the OS10 Enterprise Edition User Guide Release 10.4.2.0 (https://dell.to/32d8dLl) may be helpful: logging server and show logging. It may be best to create the syslog server and have it log and see what the output is. I wasn’t able to find any specific documentation on the format. Let us know if you have any additional questions.
cbeene
1 Rookie
•
2 Posts
0
January 19th, 2022 12:00
Thank you for the suggestion, Josh. I don't think that's what Solarwinds is looking for, though. I think they'd rather write their rules based on what Dell says the log entry should be rather than looking at existing entries and coding/configuring from there.
DELL-Josh Cr
Moderator
•
9.6K Posts
•
42.2K Points
0
January 19th, 2022 13:00
I was not able to find the information in anything public. They should have a way to contact us directly to work on collaborative projects.
johnny.david907
1 Rookie
•
1 Message
•
2 Points
0
October 23rd, 2025 17:53
I am also looking for the regex format because we want syslogs going to Netwrix, but we are not having any luck with Google searching this. Since Dell runs Linux and I found out they have like 3 different versions of OS10 (with SONiC): Lite, Standard (no longer supported) and Enterprise. Do they all have the same regex for syslogs? Are the syslogs all different formats?
DELL-Charles R
Moderator
•
4.7K Posts
•
25.5K Points
0
October 23rd, 2025 18:54
Hello,
The Lite, Standard and Enterprise Dell Enterprise SONiC operating system variations that you are referring to are based on Debian Linux, and hence the logging format and syslog are based on the standard Linux rsyslogd utility.
You would need to access the underlying Linux shell to modify the rsyslogd configuration file (/etc/rsyslog.conf) for a specific format.
To parse Dell SONiC logs in Netwrix, you will need a regex pattern that can handle the standard syslog format and its additional details.
On the Dell switch you must configure the destination IP of the syslog server and other info (port number ..).
On the Dell OS10 operating system the log messages are typically structured with a timestamp, hostname, and a detailed message that includes the component or service that generated the event. You would create a custom regex pattern in Netwrix that matches the specific log format from your OS10 switches. The timestamp likely resembles RFC 3164 (Month Day hh:mm:ss).
Without having any experience on the subject, the Sonic Dell OS may work better.
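
Added example, not part of the thread and not a Dell-documented format: a Python parser for the generic RFC 3164 layout the last reply describes (timestamp, hostname, component, message), which keeps non-matching lines for review instead of dropping them. The field layout, the names `parse_line` and `parse_all`, and the sample lines are assumptions constructed for illustration; check the pattern against lines captured from your own switches before building a SIEM connector on it.

```python
import re

# Generic RFC 3164 layout: optional <PRI>, "Mmm dd hh:mm:ss", hostname,
# optional "tag[pid]:" and a free-text message. Assumed layout, not a
# vendor specification for OS10 or SONiC.
RFC3164 = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?:(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?)?"
    r"(?P<msg>.*)$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not match."""
    m = RFC3164.match(line.rstrip("\r\n"))
    if m is None:
        return None
    rec = m.groupdict()
    if rec["pri"] is not None:
        pri = int(rec["pri"])
        if pri > 191:  # PRI = facility * 8 + severity, maximum 23 * 8 + 7
            return None
        rec["facility"], rec["severity"] = divmod(pri, 8)
    return rec

def parse_all(lines):
    """Split input into parsed records and raw lines that need review."""
    parsed, unparsed = [], []
    for line in lines:
        rec = parse_line(line)
        (parsed if rec else unparsed).append(rec or line)
    return parsed, unparsed

# Constructed sample lines, not captured from a real switch.
SAMPLE = [
    "<189>Jan 19 06:00:01 sw1 ifmgr[812]: Interface state changed",
    "Oct  3 17:53:10 sw2 sshd[4021]: Accepted password for admin",
    "2022-01-19T06:00:01Z sw1 ifmgr: ISO timestamp, not RFC 3164",
]

if __name__ == "__main__":
    ok, review = parse_all(SAMPLE)
    print(len(ok), "parsed;", len(review), "held for review:", review)
```

A growing review list is the signal that the device emits a different layout (for example an ISO 8601 timestamp) and that the connector is silently missing events.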