Products Affected

ELM Log Manager and ELM Enterprise Manager 5.x, 6.x

Issue

A system administrator wants to monitor syslog events.

Considerations

  • Before ELM can receive syslog messages, the sending device has to be configured to forward them, which is usually done in a syslog.conf file.
  • ELM needs at least an IP Agent for the device in order to receive its syslog messages.
  • The Syslog Receiver is based on RFC 3164 and listens for Syslog messages. By default, the Receiver listens for Syslog on UDP port 514 or TCP port 601.
  • In ELM 6.0, the Syslog Receiver collects all syslog messages by default when no Include Filter is assigned to it.
  • To be notified of a specific syslog event, set up a Notification Rule and an Include Filter, and assign the desired Notification Method.

Syslog Device

A common format for this file designates facility, severity, and destination.

Generic Examples

facility.severity[;facility.severity]  Destination  Meaning
kern.*                                 @PDC1        Send all messages from the kernel facility to server PDC1.
*.err                                  @redmond     Send all messages with a severity of error to server REDMOND.
cron.warning;ntp.alert                 @corp3       Send messages from the cron facility with a severity of warning and from the ntp facility with a severity of alert to the server CORP3.

 Note: These are generic examples. Consult the documentation for your specific device for details about its syslog functionality.
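
To check which events a device will actually forward to the receiver, the sketch below decodes the RFC 3164 `<PRI>` header and evaluates it against the three generic rules above. It is an added example, not ELM or vendor code; the sample messages are constructed, and it assumes traditional syslogd matching, where a severity in a selector also matches anything more severe (your device may differ).

```python
import re

# Facility keywords by RFC 3164 numeric code. Names for codes 13-15 are
# labels chosen for this example; syslog.conf keywords vary by device.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
              "news", "uucp", "cron", "authpriv", "ftp", "ntp", "audit",
              "alert", "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The three generic rules from the table above: (selector, destination).
RULES = [("kern.*", "@PDC1"), ("*.err", "@redmond"),
         ("cron.warning;ntp.alert", "@corp3")]

PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(message):
    """Return (facility, severity) from the <PRI> header, or None if invalid."""
    m = PRI_RE.match(message)
    if not m or int(m.group(1)) > 191:   # highest valid PRI is 23*8 + 7
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def selector_matches(selector, facility, severity):
    """Assumption: 'fac.sev' matches that severity or anything more severe."""
    for part in selector.split(";"):
        fac, _, sev = part.partition(".")
        if fac not in ("*", facility):
            continue
        if sev == "*" or SEVERITIES.index(severity) <= SEVERITIES.index(sev):
            return True
    return False

def destinations(message, rules=RULES):
    """List every destination whose selector would forward this message."""
    decoded = decode_pri(message)
    if decoded is None:
        return []
    return [dest for sel, dest in rules if selector_matches(sel, *decoded)]

# Constructed sample messages (not captured from a real device).
SAMPLES = [
    "<3>Dec  3 10:15:02 fw01 kernel: link down on eth1",       # kern.err
    "<76>Dec  3 10:15:03 fw01 cron[211]: job overran",         # cron.warning
    "<102>Dec  3 10:15:04 fw01 ntpd[90]: clock synchronized",  # ntp.info
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(destinations(s) or "NOT FORWARDED", "<-", s)
```

The third sample matches no rule, so the receiver never sees it; running expected events through a check like this shows such gaps before you rely on a Notification Rule for them.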

ELM 5.x

1. On the Windows server that has ELM Enterprise Manager installed, open the Control Panel and launch the ELM Enterprise Manager application. Click the Receivers tab. To receive Syslog messages, check the box labeled Enable Syslog Receiver. Then select a checkbox to specify UDP and/or TCP.

ELM 6.x

1. The Syslog Receiver is now a Monitor Item and can be assigned an Exclude Filter as well as an Include Filter. Use the New Monitor Item setup wizard to configure it.

Revision: 1.1

Last Modified:  12/3/2010

Last Reviewed: 12/3/2010

Article Type: Informational