Syslog Configuration


Syslog support is implemented by the Syslog plugin. It is configured via the Syslog node of the Drivers/Plugin item in the System Tree.

The Syslog configuration includes Syslog Server Configuration and Syslog Message Sources Automatic Discovery settings described below. Note that AggreGate Server should be restarted to apply changes.

Syslog Monitoring Configuration

This table includes Syslog messages monitoring and consolidation parameters.

| Property | Description |
|---|---|
| Enabled | Enables/disables Syslog message monitoring. |
| Syslog Protocol | Specifies the protocol (TCP or UDP) used for receiving Syslog messages. |
| Syslog Port | Specifies the port to listen on for Syslog messages. |
| Severity Conversion Table | Syslog severity level to AggreGate severity level mapping. See below. |

Severity Level Conversion

The Severity Conversion Table is used to calculate the level of the generated AggreGate event based on the severity level of the original Syslog message. See Syslog Events Monitoring and Consolidation for details about Syslog event generation.

The table maps each of the Syslog severity level values (as specified in RFC 5424) to an AggreGate severity level (see the Event Levels paragraph). If a Syslog severity value is absent from the table, the resulting AggreGate event level is None (code 0).

By default the table is specified as follows:

| Syslog Severity Code | Syslog Severity Name | Syslog Severity Description | AggreGate Event Severity Code | AggreGate Event Severity Level |
|---|---|---|---|---|
| 7 | Debug | Debug-level message | 1 | Notice |
| 6 | Informational | Informational message | 2 | Info |
| 5 | Notice | Normal but significant condition | 2 | Info |
| 4 | Warning | Warning conditions | 3 | Warning |
| 3 | Error | Error conditions | 4 | Error |
| 2 | Critical | Critical conditions | 4 | Error |
| 1 | Alert | Action must be taken immediately | 4 | Error |
| 0 | Emergency | System is unusable | 5 | Fatal |

This table can be modified to provide a desired conversion procedure.
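
The conversion described above, as an added example that is not AggreGate's own code: it extracts the severity from a message's RFC 5424 PRI field (PRI = facility * 8 + severity) and looks it up in the default table, returning None (code 0) when a modified table lacks that severity. The function names, the sample messages and the handling of a malformed PRI are assumptions of this example.

```python
import re

# Default Severity Conversion Table from this page:
# Syslog severity code -> (AggreGate level code, AggreGate level name)
DEFAULT_TABLE = {
    7: (1, "Notice"), 6: (2, "Info"), 5: (2, "Info"), 4: (3, "Warning"),
    3: (4, "Error"), 2: (4, "Error"), 1: (4, "Error"), 0: (5, "Fatal"),
}
NONE_LEVEL = (0, "None")  # result when a severity is absent from the table

# PRI field: "<", 1-3 digits, ">" at the very start of the message (0..191)
_PRI = re.compile(r"^<(\d{1,3})>")

def syslog_severity(message):
    """Return the Syslog severity (0-7) from the PRI field, or None if malformed."""
    m = _PRI.match(message)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:           # 23 facilities * 8 + 7 is the largest valid PRI
        return None
    return pri % 8          # PRI = facility * 8 + severity

def aggregate_level(message, table=DEFAULT_TABLE):
    """Map a raw Syslog message to an (AggreGate code, level name) pair."""
    sev = syslog_severity(message)
    if sev is None:
        # Assumption of this example: reject messages without a valid PRI.
        raise ValueError("no valid PRI field")
    return table.get(sev, NONE_LEVEL)

# Constructed sample messages (not captured traffic)
SAMPLES = [
    "<34>1 2024-01-01T00:00:00Z host1 su - - - failed su for root",   # auth.crit
    "<165>1 2024-01-01T00:00:01Z host2 app - - - config reloaded",    # local4.notice
    "<191>1 2024-01-01T00:00:02Z host3 app - - - cache miss",         # local7.debug
]

if __name__ == "__main__":
    # Modified table with the Debug row removed: debug messages become None (0)
    no_debug = {k: v for k, v in DEFAULT_TABLE.items() if k != 7}
    for line in SAMPLES:
        print(aggregate_level(line), aggregate_level(line, no_debug), line)
```

With the default table, Critical and Alert messages produce the same Error level as ordinary Error messages, so alerting that must tell them apart has to rely on the original Syslog severity rather than the converted level.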

Syslog Message Sources Automatic Discovery

This flag enables or disables automatic discovery of hosts sending Syslog messages to the AggreGate server.