A Syslog Messages monitor checks information in log messages sent across IP networks. Syslog messages are sent by many operating systems and infrastructure devices, most notably Unix-based systems and security devices.
As with SNMP traps, syslog messages are the logical equivalent of an alert from the vendor's perspective and are sent from the device to Onsite Manager.
Syslog Facilities
- All
- Kernel messages
- User-level messages
- System daemons
- Security/authorization messages
- Messages generated internally by syslogd
- Line printer subsystem
- Network news subsystem
- UUCP subsystem
- CRON facility
- Clock daemon
- Security/authorization messages
- FTP daemon
- NTP subsystem
- Log audit
- Log alert
- Local use 0 - local use 7
Syslog Severity
- All
- Emergency
- Alert
- Critical
- Error
- Warning
- Notice
- Informational
- Debug
What You Can Do
You can:
- Collect information about Unix systems and applications they host.
- Receive critical security information from firewalls.
To add a monitor for Syslog Messages
- Do one of the following:
  - To add the monitor to a policy, in Service Center, click Service Delivery > Policies > Monitoring. Click the name of the monitoring policy. Click the Monitors tab.
  - To add the monitor to a device directly, in Service Center, click Configuration > Alerting > Monitor & Alert Rules. From the Site list, select the site where the device is located. From the Device list, select the device to which you want to add a monitor.
- Click Add Monitor.
- Select Syslog Messages from the list.
- Click Add Monitor.
- In the Monitor tab, type a title for the monitor.
- Optionally, type a description for the monitor.
- Ensure the Enabled check box is selected.
- Select a Facility from the drop-down list.
- Select a Severity from the drop-down list.
- Type part of a syslog message in the Syslog Message box.
- To configure an alert, see Setting Alert Actions.
- Click Save.
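
The Facility, Severity and Syslog Message criteria above correspond to fields of the raw message: facility and severity are packed into the leading `<PRI>` value (facility × 8 + severity, per RFC 3164). The following is an added example, not Onsite Manager code, for checking which sample messages a given combination would select. The function names, the sample lines, exact-value matching for facility and severity, `None` standing for "All", and case-insensitive text matching are all assumptions.

```python
import re

# RFC 3164 names by numeric code (mapping to the product's labels is assumed).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
FACILITIES = ["kernel", "user-level", "mail", "system daemons",
              "security/authorization", "syslogd", "line printer",
              "network news", "UUCP", "clock daemon", "security/authorization",
              "FTP daemon", "NTP", "log audit", "log alert", "clock daemon",
              ] + [f"local use {n}" for n in range(8)]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def parse_pri(line):
    # Split a raw line into (facility, severity, rest); None if no valid <PRI>.
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest PRI
        return None
    pri = int(m.group(1))
    return pri // 8, pri % 8, m.group(2)


def describe(line):
    # Human-readable "facility / severity" for a raw line, or None.
    parsed = parse_pri(line)
    if parsed is None:
        return None
    return f"{FACILITIES[parsed[0]]} / {SEVERITIES[parsed[1]]}"


def matches(line, facility=None, severity=None, text=""):
    # Hypothetical monitor filter; None stands for the "All" choice.
    parsed = parse_pri(line)
    if parsed is None:
        return False
    fac, sev, rest = parsed
    if facility is not None and fac != facility:
        return False
    if severity is not None and sev != severity:
        return False
    return text.lower() in rest.lower()  # assumption: case-insensitive match


# Constructed sample lines, not captured from a real device.
SAMPLES = [
    "<34>Oct 11 22:14:15 fw01 su: authentication failure for root",
    "<86>Oct 11 22:14:20 fw01 sshd[411]: Accepted publickey for admin",
    "<13>Oct 11 22:15:01 web02 app: authentication failure in test harness",
]
```

Running candidate criteria against a few captured lines from the device before saving the monitor shows whether a narrow Facility or Severity choice would miss messages that carry the same text under a different priority.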