
Syslog Server Settings

Server Manager contains both a UDP and TCP Syslog server. These syslog servers can be used to collect, monitor, and consolidate syslog messages from both computers and devices such as switches, routers, firewalls, and Unix and Linux servers. By default, when a message is sent from a device, the receiving Syslog server automatically adds the device's IP or hostname to the Explorer view. Once added, the message is saved to the Log Repository.

Use the Syslog Server Settings properties page to:

  • Configure syslog consolidation options.
  • Configure the TCP and UDP servers.

To configure Syslog Server Settings

  • From the Explorer View, navigate to Options, then select Syslog Server Settings. The Syslog Server Settings View displays.

Log Consolidation

  • Check the Save syslog messages from all sources check box to save syslog messages to the Log Repository.
    Save syslog messages from all sources is the default. Devices sending Syslog messages to Server Manager are automatically added to the Explorer View under the Hosts/Syslog Devices node and assigned the Syslog Consolidation template. If you prefer to explicitly specify which Syslog devices can save messages to the Log Repository, clear this option, then manually add each Syslog device you want to support. Finally, assign the Syslog Consolidation template to each new Syslog device or to the Host Group where you added the Syslog devices.
  • Use the Host identification method drop-down to select how you would like connecting hosts to be identified.
    Option                 Description
    DNS Lookup             The server uses DNS to resolve the hostname.
    DNS and FQDN Lookup    The server uses DNS and Active Directory to resolve the Fully Qualified Domain Name (FQDN).
    Remote IP Address      The server uses the IP address.
  • Under Log consolidation template, choose an existing template or create a new template for log consolidation.

UDP Syslog Server

  • Check the Enabled check box to enable the UDP Syslog Server.
  • Use the Port text box to specify the port.
  • Use the Bind address text box to specify the UDP address.
  • Use the Queue size text box to specify the queue size.
    Note: Anytime the queue is full and therefore unable to keep up with the incoming Syslog messages, new messages are dropped until the system is able to recover.
  • Use the Batch size text box to specify the number of syslog messages to batch save.
    Note: The batch size must be less than the queue size. The batch size is directly proportional to the amount of memory consumed.
  • Clicking Clear DNS Cache empties any prior DNS cached values.

TCP Syslog Server

  • Check the Enabled check box to enable the TCP Syslog Server.
  • Use the Port text box to specify the port.
  • Use the Bind address text box to specify the TCP address.
  • Use the Idle timeout text box to specify the timeout in seconds.
  • Check the Close duplicate connections check box to clean up duplicate connections.

Message Delimiters

  • Check the Enable RFC 5424 parsing check box to enable RFC 5424 parsing. For more information, see: The Syslog Protocol
  • Check the Enable RFC 3164 parsing check box to enable RFC 3164 parsing. For more information, see: The BSD syslog Protocol
    RFC 5424 obsoletes RFC 3164.
  • Check the CRLF check box to enable CRLF (ASCII 13, ASCII 10) delimiters.
  • Check the CR check box to enable CR (ASCII 13) delimiter.
  • Check the LF check box to enable LF (ASCII 10) delimiter.
  • Check the NULL check box to enable NULL (ASCII 0) delimiter.
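
How the delimiter and parsing options interact on a TCP stream, as an added Python example (not Server Manager's own code): it splits one buffered read on the enabled delimiters, keeps the unterminated tail for the next read, and classifies each frame as RFC 5424 or RFC 3164 while decoding PRI into facility and severity. The function names, the simplified header patterns and the sample bytes are assumptions constructed for illustration.

```python
import re

# Delimiters named on the settings page.
DELIMS = {"CRLF": b"\r\n", "CR": b"\r", "LF": b"\n", "NULL": b"\x00"}

# RFC 5424 header: <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP ...
RFC5424 = re.compile(rb"^<(\d{1,3})>[1-9]\d? (\S+) (\S+) ")
# RFC 3164 header: <PRI>Mmm dd hh:mm:ss SP HOSTNAME SP ...
RFC3164 = re.compile(rb"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) ")

# Constructed sample: one TCP read holding an LF-terminated RFC 5424 message,
# a CRLF-terminated RFC 3164 message, and an unterminated tail.
SAMPLE = (
    b"<34>1 2003-10-11T22:14:15.003Z host1.example.com su - ID47 - auth failed\n"
    b"<13>Feb  5 17:32:18 10.0.0.99 app: link down\r\n"
    b"<165>1 2003-08-24T05:14:15Z 192.0.2.1 proc 8710 - - partia"
)


def split_frames(buf, enabled):
    """Split buf on the enabled delimiters; return (frames, unterminated_tail)."""
    # Longest separator first so CRLF is consumed whole, not as CR then LF.
    seps = sorted((DELIMS[name] for name in enabled), key=len, reverse=True)
    parts = re.split(b"|".join(re.escape(s) for s in seps), buf)
    return [p for p in parts[:-1] if p], parts[-1]


def classify(frame, rfc5424=True, rfc3164=True):
    """Identify the header format and decode PRI into facility and severity."""
    unparsed = {"format": "unparsed", "facility": None, "severity": None, "host": None}
    m5 = RFC5424.match(frame) if rfc5424 else None
    m3 = RFC3164.match(frame) if rfc3164 and not m5 else None
    m = m5 or m3
    if not m or int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 23 * 8 + 7
        return unparsed
    pri = int(m.group(1))
    host = (m.group(3) if m5 else m.group(2)).decode()
    return {"format": "rfc5424" if m5 else "rfc3164",
            "facility": pri >> 3, "severity": pri & 7, "host": host}


if __name__ == "__main__":
    frames, tail = split_frames(SAMPLE, ["CRLF", "LF"])
    for f in frames:
        print(classify(f))
    print("buffered tail:", tail)
```

With only LF enabled, the second frame keeps a trailing CR, which is the kind of mismatch to look for when a sender's framing does not match the delimiters checked here.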

Other Options

  • Check the Enable verbose logging check box to enable detailed logging.

  • Click Save to save your changes.
  • Click Close to close the view.
