/
Adding a Monitor for Syslog Messages

Adding a Monitor for Syslog Messages

A Syslog Messages monitor checks information in log messages across IP networks. Syslogs are sent by many operating systems and infrastructure devices, most notably Unix-based systems and security devices.

As with SNMP traps, syslog messages are the logical equivalent to an alert from the vendor's perspective and are sent from the device to Onsite Manager.

You must understand how the device is sending the exact message you want to capture. It's a good idea to capture all syslogs for a period of time if documentation about the syslogs is not available. For more information, contact the device vendor or search their knowledgebase.

Syslog Facilities

  • All

  • Kernel messages

  • User-level messages

  • System daemons

  • Security/authorization messages

  • Messages generated internally by syslogd

  • Line printer subsystem

  • Network news subsystem

  • UUCP subsystem

  • CRON facility

  • Clock daemon

  • Security/authorization messages

  • FTP daemon

  • NTP subsystem

  • Log audit

  • Log alert

  • Local use 0 - local use 7

Syslog facilities are case-sensitive, as per the original RFC based on Berkeley Style Distributions of Unix.

Syslog Severity

  • All

  • Emergency

  • Alert

  • Critical

  • Error

  • Warning

  • Notice

  • Informational

  • Debug

What You Can Do

You can:

  • Collect information about Unix systems and applications they host.

  • Receive critical security information from firewalls.

Notes

Syslog Messages monitors only function correctly if Onsite Manager is defined as a Syslog Message receiver on the monitored devices.

Syslog Messages monitors can be added to devices individually and added to monitoring policies.

To add a monitor for Syslog Messages

  1. Do one of the following:

    • To add the monitor to a policy, in Service Center, click Service Delivery Policies > Monitoring. Click the name of the monitoring policy. Click the Monitors tab.

    • To add the monitor to a device directly, in Service Center, click Configuration > Alerting > Monitor & Alert Rules. From the Site list, select the site where the device is located. From the Device list, select the device to which you want to add a monitor.

  2. Click Add Monitor.

  3. Select Syslog Messages from the list.

  4. Click Add Monitor.

  5. In the Monitor tab, type a title for the monitor.

  6. Optionally, type a description for the monitor.

  7. Ensure the Enabled check box is selected.

  8. Select a Facility from the drop-down list.

  9. Select a Severity from the drop-down list.

  10. Type part of a syslog message in the Syslog Message box.

  11. To configure an alert, see Setting Alert Actions.

  12. Click Save.

If you select All from the Facility or Severity lists, a warning message may appear informing you of the possible impact on storage costs, due to the amount of data storage required. Click Yes to continue adding the Syslog Messages monitor.

Contact Us
Barracuda Campus
Barracuda Support