Monitoring Syslog Using Web NMS

What is Syslog?

Some Definitions on the Web

The GNU/Linux System Logger, where all system messages or errors are stored.
SYSLOG allows you to log significant system information to a remote server.
System Log
A method of collecting together message logs from many systems. Each system sends short text messages to a syslog recorder. The recording system may record these in any desired manner including writing them to a file, sending them on to other systems, and printing them. Syslog messages are transported by UDP datagrams sent to port 514.

Syslog Monitoring Features

Syslog Monitoring is supported in Windows, Unix, Routers, etc.
Web NMS server acts like centralized Syslog server
The Web NMS server listens on UDP Port 514 for Syslog Messages
Windows Syslog Monitoring is achieved through WMI
Effective GUI to customize Syslog message filters at runtime.
Syslog messages are converted into events with user-defined filter criterion.
Syslog events can be viewed in normal Web NMS Events View.
Runtime enabling/disabling of syslog monitoring is possible

Prerequisites

For syslog monitoring in Windows, WMI must be installed. This is available by default in Windows 2000 and higher versions. This needs to be installed separately in Windows NT.

About WMI

WMI refers to Windows Management Instrumentation.
It is an implementation for Web-Based Enterprise Management (WBEM).
It uses Common Information Model (CIM) industry standard to represent systems, applications, networks, devices, and other managed components in an enterprise environment.
Through WMI, a client application can request information from, and send instructions to, the managed object.

System Requirements

The hardware and software requirements for the Syslog Feature Pack are same as that of Web NMS. For more information on the supported system requirements, refer to Hardware Requirements and Software Requirements pages in the Installation Guide of Web NMS.

Note:

Database schema is currently available only for MySQL, Oracle, and Sybase. Support will be extended for other databases on a need basis.

How It Works in Web NMS?

The health of the systems in networks are monitored easily if you have an access to the syslog. In AdventNet Web NMS, you can monitor the syslog messages for the discovered devices.

Workflow

The Web NMS server acts like a centralized Syslog server that collects messages from different monitored devices.
The syslog messages are collected and parsed as Web NMS events based on some filter criteria defined in the configuration file. The message filter is customizable.
The events are stored in the Events table in the Web NMS database.
These events are then correlated as alarms and are stored in Alerts table in the database.
You can connect the client to the Web NMS server to see the events and alarms displayed. You can also create custom views to display only the Syslog events.

That is, in Linux and Solaris platforms, the syslog will be in a readable format. The syslog messages are forwarded to the server.. The Web NMS Server listens for these messages on UDP Port 514.

In Windows, you can view the syslog through its event viewer (In Windows 2000, from Start menu, select Settings --> Control Panel -->Administrative Tools --> Event Viewer). These are represented as Web NMS events using WMI scripting API. The syslog stores different types of log messages.