Monitoring Server Configuration for Syslog

To set up the Monitoring Server to receive Syslog messages, the following items need to be reviewed:

After completing the setup, it may be necessary to configure the vendor device to send Syslog messages to the Monitoring Server. Many vendor devices can be configured to send Syslog messages, and each has its own setup procedure. The Setup Syslog Messaging topic provides some examples; however, it is best to refer to the specific vendor documentation.

Enable the Syslog Collector

When licensed, the Syslog Collector will be started by default and no further action is required.

If necessary, the Syslog Collector can be disabled by adding the following statement to the PROGNOSIS Configuration.

SET RUN (IRSYSLOGCOL.EXE, N)

Set the Ports/Firewalls

By default, Syslog messages are sent from the source device via UDP to the Monitoring Server on port 514 (this port can be configured). On the Monitoring Server, either open the port used for the Syslog UDP messages or, more simply, allow the Syslog Collector process (irsyslogcol.exe) to open any ports it requires. To do the latter, carry out the following procedure:

From the MS Windows Start menu go to:

Control Panel → System and Security → Windows Firewall → Allowed Programs

Click the Allow another program ... button

Browse to or enter the path: C:\Prognosis\Server\x64\irsyslogcol.exe

Click the Add button.

Configure the Syslog Collector

A number of optional settings can be configured through the SYSLOG Configuration. These settings can be made through either the Web Application or the Windows Client. The available configuration properties are detailed in SYSLOG Configuration Syntax.

Example:

SUBSYS SYSLOG

ADD UDP_LISTENER (514)
ADD TCP_LISTENER (601, terminator=NULL)

ADD TLS_LISTENER (6514)
TLS_CERTCHAIN ("c:\unifiedcert.pem")
TLS_PRIVATEKEY ("c:\privatekey.pem")

MAP DEVICE(10.102.91.11, device=Acme-102, customer=Acme_Ltd, site=Sydney, vendor=Ci, type=Ce)
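The first option under Set the Ports/Firewalls (opening only the ports in use) can be scripted for the three listeners in the example above. This is an added PowerShell example, not part of the product documentation: the program path, ports and source address are the values shown on this page, the rule group name is a label made up for the example, and it assumes the built-in NetSecurity cmdlets and an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: one inbound rule per configured listener, limited to the
# collector executable and to the devices expected to send Syslog messages.
$Program = 'C:\Prognosis\Server\x64\irsyslogcol.exe'   # path from this page
$Group   = 'Syslog Collector (example)'                # made-up group label
$Sources = @('10.102.91.11')                           # address from the MAP DEVICE example

# Ports and protocols taken from the UDP_LISTENER, TCP_LISTENER and
# TLS_LISTENER lines in the example configuration.
$Listeners = @(
    @{ Name = 'Syslog UDP'; Protocol = 'UDP'; Port = 514  },
    @{ Name = 'Syslog TCP'; Protocol = 'TCP'; Port = 601  },
    @{ Name = 'Syslog TLS'; Protocol = 'TCP'; Port = 6514 }
)

# Re-running the script replaces earlier rules instead of duplicating them.
Get-NetFirewallRule -Group $Group -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

foreach ($l in $Listeners) {
    New-NetFirewallRule -DisplayName "$($l.Name) $($l.Port)" -Group $Group `
        -Direction Inbound -Action Allow -Program $Program `
        -Protocol $l.Protocol -LocalPort $l.Port `
        -RemoteAddress $Sources | Out-Null
}

# List the resulting rules with their port and source filters for review.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress -join ','
    }
} | Format-Table -AutoSize
```

Windows Firewall allow rules are additive, so if irsyslogcol.exe was already added under Allowed Programs, that broader entry still applies until it is removed.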

Start the Syslog Database

The Syslog DB database needs to be running in order to collect Syslog message data. For details of how to start this database, see Databases for Syslog.

Start the Syslog Thresholds

Three Thresholds are provided that will raise alerts when the license limit for Cisco CM, UC and ER devices is exceeded. For details of how to start these Thresholds, see Thresholds and Alerts for Syslog.
