Introduction
System Requirements
Assign Service Logon As Credentials
Server Configuration
Agent-Based Monitoring
Data Providers
- Data Provider Properties
- SQLite Properties
- MySQL Properties
- Microsoft SQL Server Properties
- File System Properties
Directory Services
Audit Work Items
Hosts
- Adding Hosts
- Host Properties
- Batch Update Hosts
- Logon As Properties
- SFTP Properties
- FTP/S Properties
- SNMP Device Connection Properties
- WMI
- Contact
- Template Exclusions
- Inventory
- Docker
- Host Assignments
Templates
- Template Properties
- Batch Update Templates
- Log Management Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- Network and Application Monitor Templates
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
Monitors
- Monitor Hierarchy
- Temporarily Suppress Monitors Actions
Reports
- Report Properties
- Security Reports
- Generic Log Reports
- File and Permission Reports
- Summary Reports
Auto-Configurators
Filters
- Simple Filters
- Complex Filters
- C# Script Filters
Actions
- Desktop Actions
- Email Actions
- Event Log Actions
- Executable Actions
- File Actions
- IIS IP Address Restriction Actions
- Microsoft Teams Actions
- Service Actions
- SMS Actions
- SNMP Trap Actions
- Syslog Actions
- Template
- IIS IP Address Restriction
- Action Variables
Schedules
- Fixed Schedules
- Range Schedules
- Real-Time Schedules
Environment Variables
Options
- Email Settings
- Security Settings
- Syslog Server Settings
- SNMP Trap Server Settings
- Log Viewer Settings
- Web Proxy Settings
- Miscellaneous Settings
Account Lockout Monitoring and Reporting
SNMP
- SNMP Browser
SSH Shell
Exporting and Importing Configuration Objects
Shared Views
- Auto-Config Host Assignment Properties
- General Executable Properties
- Assign Actions
- Assign Directories
- Assign Disks
- Assign Shares
- Assign Files
- Assign Consolidated Logs
- Assign Event Logs
- Assign Azure Audit Logs
- Target Files and Sub-Directories
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Define CSV and W3C Log Entry Columns
- Active Directory User and Group Filters
- Explicitly Assigned Logs
- File Explorer
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Executable Timeline
Command Line Interface
Troubleshooting
- Arithmetic Overflow
- Access Denied
- MySQL: Fatal error encountered during command execution
- Invalid Class
- No Such Interface Supported
- Quota Violation
- The File Exists Errors
- The Interface is Unknown
- The RPC Server is Unavailable
- NetBIOS Errors
- Windows Service Log File
Terminology

Syslog Server Settings

Server Manager contains both a UDP and TCP Syslog server. These syslog servers can be used to collect, relay, monitor, and consolidate syslog messages from both computers and devices such as switches, routers, firewalls, and Unix and Linux servers. By default, when a message is sent from a device, the receiving Syslog server automatically adds the device's IP or hostname to the Explorer view. Once added, the message is saved to the Log Repository.

How to configure the Syslog Servers

From the Explorer View, navigate to Options, then select Syslog Server Settings. The Syslog Server Settings View displays. The Agent Server Properties View contains 3 tabs.
- Options
- Assignments
- Columns

UDP Syslog Server

Check the Enabled check box to enable the UDP Syslog Server.
Use the Port text box to specify the port.
Use the Bind address text box to specify the UDP address.

Use the Queue size text box to specify the queue size.

Note: Anytime the queue is full and therefore unable to keep up with the incoming Syslog messages, new messages are dropped until the system is able to recover.

Use the Batch size text box to specify the number of syslog messages to batch save.

Note: The batch size must be less than the queue size. The batch size is directly proportional to the amount of memory consumed.

Clicking Clear DNS Cache empties any prior DNS cached values.

TCP Syslog Server

Check the Enabled check box to enable the TCP Syslog Server.
Use the Port text box to specify the port.
Use the Bind address text box to specify the TCP address.
Use the Idle timeout text box to specify the timeout in seconds.
Use the Encrypt check box to enable TLS 1.2.

Use the Certificate text box to specify the TLS 1.2 certificate.

Attribute	Sample Value	Search Order
Thumbprint	1E2CCCC2461DFD3FD925CDA17E5DCAD17B95D94B	1
Serial Number	5C588F17F5225B9C4CE09E9D42E0DB94	3
Subject Distinguished Name	CN=LocalhostName,OU=IT,O=\"Corner Bowl Software\",L=Kamas,S=Utah,C=US	2
Subject Name	LocalhostName	4

The local machine store is searched first. If the certificate is not found, the current user store is searched.

Check the Close duplicate connections check box to clean up duplicate connections.

Message Delimiters

Check the CRLF check box to enable CRLF (ASCII 13, ASCII 10) delimiters.
Check the CR check box to enable CR (ASCII 13) delimiter.
Check the LF check box to enable LF (ASCII 10) delimiter.
Check the NULL check box to enable NULL (ASCII 0) delimiter.

Options

Use the Add all new hosts check box to automatically add any syslog device to the software when a syslog message is received from the device for the first time.

Devices sending syslog messages to Server Manager are automatically be added to the Explorer View under the Hosts/Syslog Devices node then the templates, such as Syslog Consolidation automatically assigned. If you prefer to explicitly specify which Syslog devices can save messages to the Log Database, clear this option then manually add each Syslog device you want to support. Finally, assign the Syslog Consolidation template to each new Syslog device or the Host Group where you added the Syslog devices.

Use the Host identification method drop-down to select how you would like connecting hosts to be identified.

Option	Description
DNS Lookup	The server uses DNS to resolve the hostname.
DNS and FQDN Lookup	The server uses DNS and Active Directory to resolve the Fully Qualified Domain Name (FQDN).
Remote IP Address	The server uses the IP address.

Check the Enable RFC 5424 parsing check box to enable RFC 5424 parsing. For more information see: The Syslog Protocol
Check the Enable RFC 3164 parsing check box to enable RFC 3164 parsing. For more information see: The BSD syslog Protocol

RFC 5424 obsoletes RFC 3164.
Check the Enable verbose logging check box to enable detailed logging.

Syslog Server Properties View

How to relay syslog messages

Corner Bowl Server Manager can be used to relay syslog messages to other syslog collectors.

To relay syslog messages

From the Explorer View, expand the root Templates node, expand Sample Templates | Log Consolidation then right click on Syslog Relay and select Template Properties. The Template Properties View displays.
From the Template Properties View, select the Rules Tab.
From the Rules controls, find the Actions column. Notice the Syslog Relay action that is assigned. This action needs to be modified to configure the Syslog Collector Host to relay syslog messages too. Click the Edit button. The Action Properties View displays.

From the Action Properties View, use the Syslog server drop-down to select the target Syslog Collector Host.

If the host or IP has not been added, click the Add Add Button

button, then add the host or IP.

Click Close, then when prompted to save your changes, click Yes.
From the Template Properties View, use the Assignments controls to assign the localhost to the Syslog Relay Template.
Click Close, then when prompted to save your changes, click Yes.

Table of Contents