Configuring Syslog Startup and Forwarding



 

Forwarding Syslog Messages

The discovered resources must be configured to forward the syslog messages to the server so as to enable syslog monitoring.
 

In Web NMS,

  1. The system (Linux/Solaris/routers) forwards the syslog messages to the server.

  2. The server listens on a UDP port (514 by default) for these messages.

This topic provides examples of forwarding syslog messages from a Linux device and from a router to the Web NMS server.

 

Example: Forwarding Syslog Messages From Linux Device

Following is an example explaining how to configure a Linux device to forward syslog messages to the Web NMS server.

    1. Log on to the Linux device (whose messages you want to forward to the server) as a super user.

    2. Enter the command - vi /etc/syslog.conf to open the configuration file called syslog.conf.

    3. Enter *.* and press the Tab key and enter the name of the host machine where the server is running.
      For example, *.*        @test

    4. Restart the syslog service using the command /etc/rc.d/init.d/syslog restart.
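The edit in step 3 can be scripted so that it is safe to repeat. The following is an added example, not part of the Web NMS documentation or product: the function names are hypothetical, and the file it edits is passed as a parameter so it can be tried on a copy of syslog.conf first.

```shell
#!/bin/sh
# Added example: idempotently add the forwarding rule from step 3 to a
# syslog.conf-style file. Function names are illustrative, not Web NMS tooling.

# Return 0 if CONF already forwards all facilities/priorities (*.*) to HOST.
has_forward_rule() {  # usage: has_forward_rule CONF HOST
    # Skip comment lines; selector and action are separated by tabs or spaces.
    awk -v h="@$2" '
        /^[ \t]*#/ { next }
        $1 == "*.*" && $2 == h { found = 1 }
        END { exit !found }' "$1"
}

# Append "*.*<TAB>@HOST" unless it is already present; keep a backup copy.
add_forward_rule() {  # usage: add_forward_rule CONF HOST
    conf=$1 host=$2
    # Accept only host-name / IPv4 characters so nothing else reaches the file.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 2 ;;
    esac
    if has_forward_rule "$conf" "$host"; then
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 1
    printf '*.*\t@%s\n' "$host" >> "$conf"
}
```

After the restart in step 4, a message written on the device with the standard logger command should arrive at the server, which confirms the rule is active.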

Note:
If the Web NMS server is running in a Linux device, you need to make the following configuration in the server to receive the forwarded messages.

    1. On Linux devices, the syslog daemon occupies port 514 by default. This port must be freed on the machine where the Web NMS server is running, so that the server can listen for syslog messages on port 514. You can change the port number used by the syslog daemon so that port 514 is available to the server. The steps are explained below.

      1. Log into the Linux device (where the Web NMS server is running) as a super user.

      2. Enter the command vi /etc/services to open the file.

      3. In the services file, all the services and their corresponding port numbers are listed. Under the Unix-specific services, the syslog service will be listed, with its port as 514/udp. Ensure that the port number is not occupied by some other service (you can configure a different port if the default port is occupied).

    2. Restart the syslog service using the command /etc/rc.d/init.d/syslog restart.

[OR]

    1. You can configure a different port for the Web NMS server to listen for syslog messages. The port number is configured in the file called NmsProcessesBE.conf, located in the <Product Home>/conf directory. However, the UDP port must be the same on the forwarding devices and on the device where the server is running, so you must also change the port number on all the forwarding devices.

 

Example: Forwarding Syslog Messages From Routers

 

To enable syslog monitoring on a router and redirect the log messages to the syslog server:

    1. Telnet to the router using the command telnet <router>.

    2. Type the command enable at the prompt to set to 'enable' mode.

    3. You will be prompted to enter the password. Enter the correct password.

    4. Now, type the command config at the prompt.

    5. Choose terminal configuration.

    6. After this, type logging <IP address of the host device where NMS server is running> at the command prompt. For example, logging <192.168.5.120>. This enables forwarding of messages to the Web NMS server.

After the above steps are performed, the router logs the syslog messages onto the server at port 514 by default.

 

Configuring Startup Options

 

There are a few startup options that you can configure in NmsProcessesBE.conf, located in the <Product Home>/conf directory. Configuring these parameters is not mandatory; default values are used for any parameter you do not specify in the configuration file. See the table given below for details:

 

Configuring NmsProcessesBE.conf

    1. SYSLOG_SERVER_PORT
      Description: The argument for this parameter is the port number at which the server must listen for syslog messages. The default Syslog UDP port is 514.
      Example entry: SYSLOG_SERVER_PORT 514

    2. LOCAL_SYSLOG_FILE_NAME *
      Description: The argument for this parameter is the name of the file in which the syslog messages for the local machine are stored.
      Example entry: LOCAL_SYSLOG_FILE_NAME /var/log/messages

    3. LOCAL_SYSLOG_MONITOR_INTERVAL *
      Description: The argument for this parameter is the time interval in seconds at which Syslog is monitored in the local machine.
      Example entry: LOCAL_SYSLOG_MONITOR_INTERVAL 300

    4. MONITOR_LOCAL_SYSLOG *
      Description: The argument for this parameter can be either true or false. If Syslog is to be monitored for the device where the Web NMS server is running, the value is set to true; otherwise it is set to false.
      Example entry: MONITOR_LOCAL_SYSLOG true

    5. WMI_MONITOR_INTERVAL
      Description: This parameter is applicable only to Windows devices. The value for this parameter is the time interval in seconds at which the Windows devices are monitored for syslog events.
      Example entry: WMI_MONITOR_INTERVAL 300

* Applicable only to Unix devices.

 

Enabling Syslog Monitoring For All Windows Devices at Startup

 

By default, syslog monitoring is not enabled for all the devices. For Windows devices, however, you have the option to configure syslog monitoring before the Web NMS server starts up. This configuration is made in NmsProcessesBE.conf, located in the <Product Home>/conf directory.

 

The following three parameters must be passed as arguments to the syslog process:

The entry for the same in NmsProcessesBE.conf will be as shown below:

 

#com.adventnet.nms.syslog.server.StandaloneSyslogProcess [SYSLOG_SERVER_PORT port] [LOCAL_SYSLOG_FILE_NAME fileName] [LOCAL_SYSLOG_MONITOR_INTERVAL interval] [MONITOR_LOCAL_SYSLOG true/false] [WMI_MONITOR_INTERVAL monitor interval] [DEFAULT_WMI_MONITOR true/false] [WMI_USERNAME username] [WMI_PASSWORD password]

PROCESS com.adventnet.nms.syslog.server.StandaloneSyslogProcess ARGS SYSLOG_SERVER_PORT 514 DEFAULT_WMI_MONITOR true WMI_USERNAME <username> WMI_PASSWORD <password> MONITOR_LOCAL_SYSLOG true

 

Example

 

#com.adventnet.nms.syslog.server.StandaloneSyslogProcess [SYSLOG_SERVER_PORT port] [LOCAL_SYSLOG_FILE_NAME fileName] [LOCAL_SYSLOG_MONITOR_INTERVAL interval] [MONITOR_LOCAL_SYSLOG true/false] [WMI_MONITOR_INTERVAL monitor interval] [DEFAULT_WMI_MONITOR true/false] [WMI_USERNAME username] [WMI_PASSWORD password]

PROCESS com.adventnet.nms.syslog.server.StandaloneSyslogProcess ARGS SYSLOG_SERVER_PORT 514 DEFAULT_WMI_MONITOR true WMI_USERNAME administrator WMI_PASSWORD admin MONITOR_LOCAL_SYSLOG true
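Because the entry above keeps WMI_PASSWORD in clear text inside NmsProcessesBE.conf, the file is worth checking after it has been edited. The following is an added example, not Web NMS code: the function names are hypothetical, and it assumes the arguments sit on the PROCESS line or on the lines directly after it, as in the entries shown here.

```shell
#!/bin/sh
# Added example: audit the StandaloneSyslogProcess entry of NmsProcessesBE.conf.
# Function names are illustrative; the file to check is passed as a parameter.

# Print the value that follows KEY on the active (uncommented) entry,
# or DEFAULT when KEY is not set.
syslog_arg() {  # usage: syslog_arg CONF KEY DEFAULT
    awk -v key="$2" -v dflt="$3" '
        /^[ \t]*#/ { next }
        /^[ \t]*PROCESS[ \t]/ { active = ($0 ~ /StandaloneSyslogProcess/) }
        active { for (i = 1; i < NF; i++) if ($i == key) val = $(i + 1) }
        END { print (val != "" ? val : dflt) }' "$1"
}

# Print one line per finding; print nothing when the entry looks sane.
audit_conf() {  # usage: audit_conf CONF
    conf=$1
    port=$(syslog_arg "$conf" SYSLOG_SERVER_PORT 514)
    case $port in
        ''|*[!0-9]*) echo "SYSLOG_SERVER_PORT is not a number: $port" ;;
        *) if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
               echo "SYSLOG_SERVER_PORT out of range: $port"
           fi ;;
    esac
    pass=$(syslog_arg "$conf" WMI_PASSWORD '')
    if [ -n "$pass" ]; then
        # The password is stored in clear text, so only the owner should
        # be able to read or write the file (mode string rw-------).
        perms=$(ls -ld "$conf" | cut -c5-10)
        [ "$perms" = "------" ] ||
            echo "clear-text WMI_PASSWORD, file open to group/others ($perms)"
        # "admin" is the value used in the documentation example above.
        [ "$pass" != "admin" ] ||
            echo "WMI_PASSWORD is the documentation example value"
    fi
    return 0
}
```

The port printed by syslog_arg for SYSLOG_SERVER_PORT is also the port the forwarding devices must send to.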

 



Copyright © 2009 ZOHO Corp. All Rights Reserved.