Run Live Demo

Syslog

Supported Versions RFC5424
Collection Methods Syslog Listener
Requirements
  • The computers and network devices sending Syslog messages must be configured to send messages to Longitude. Consult your server or network device’s documentation for configuration details.
  • Either the Longitude Management Console or a Longitude Remote Agent may be configured to listen for Syslog messages.
  • Only one listener can function at a time for any given port. If other listeners are installed on a Longitude listener, whichever listener starts first will attach to the port and receive data. Stop all other Syslog listeners on Longitude servers listening for Syslog messages, and set any Syslog listener services to Manual start.
  • Longitude listens for Syslog messages on port 514. This is not configurable.
  • If the Longitude listener is a Remote Agent on a Linux server, the Statitics Server on the Agent needs to run under the root account. The Statistics Server account on the agent is set by the FIRENZE_USER value in Longitude\bin\firenze_ss. After changing this value, the Statistics server may be restarted by running:
    /etc/init.d/firenze_ss stop
    /etc/init.d/firenze_ss start
  • Verify that any routers or firewalls between the Syslog sender and the Longitude listener will not block Syslog Traffic.
  • Syslog messages have Facilties defined as follows:
    Facility Number Facility Name
    0 kernel
    1 user-level
    2 mail system
    3 system daemons
    4 authorization
    5 syslog
    6 line printer subsystem
    7 network news subsystem
    8 UUCP subsystem
    9 clock daemon
    10 security
    11 FTP daemon
    12 NTP subsystem
    13 log audit
    14 log alert
    15 clock daemon
    16 local use 0
    17 local use 1
    18 local use 2
    19 local use 3
    20 local use 4
    21 local use 5
    22 local use 6
    23 local use 7

     

  • Syslog messages have the following severities, with their Longitude equivalents:
    Syslog Severity Number Syslog Severity Name Longitude Alert Severity
    0 Emergency Critical
    1 Alert Critical
    2 Critical Critical
    3 Error Major
    4 Warning Minor
    5 Notice Warning
    6 Informational Warning
    7 Debug Warning

     

Configuration
  1. Use Monitor Devices.
  2. Select Syslog.
  3. Set the Agent to the Longitude Management Console or the Remote Agent listening for the traps.
  4. If the Device field is empty, all incoming Syslog messages will be recorded. If any servers or network devices are entered into this field, only messages from the listed devices will be recorded.
  5. Select the Facility values you would like to receive.
  6. Select the Severity values you would like to receive.
  7. Click on the Monitor button.
  8. Repeat configuration if additional listeners are used.
Troubleshooting
  • Syslog Messages are not displayed in the Syslog view of the Event Monitor:
    • As Syslog messages are received, they are written to files in the Longitude\ss\log directory named yyyymmdd_syslog_##.txt. If these files do not exist or are empty, the Longitude listener is not receiving any Syslog messages. Recheck the configuration of the devices sending Syslog messages, and if there are any firewalls blocking Syslog messages.
    • If there is data in the Syslog receiver file, it will be written to the database and available in the Event Monitor on the next collection by the consolidator, which occurs every 5 minutes. If data is still not available after the interval has passed, check the Longitude\consolidator\log\yyyymmdd_consolidtor_error_##.txt file for errors parsing the collection file.
  • Collections fail with java.net.SocketException: Unrecognized Windows Sockets error: 0: Cannot bind error:
    Longitude is unable to listen on the requested port because the port is already bound to another listener. Check the Longitude server for other applications or services that are listening for traps. If the other listener is a service, set it to Disabled or Manual start to prevent it from attaching to the port before Longitude does after a reboot.

 


Top
SQL Server Transactions