Why Is Syslog Necessary in NetPing Devices and How to Configure It?

  • Published In: FAQ
  • Created Date: 2015-05-26
  • Hits: 662

Syslog (System log) is standard for sending and registering notifications about events taking place in the system (i.e. creating logs), which is used in computer networks, working via an IP protocol. A term «Syslog» is used to name both a standard network protocol Syslog, and software (application, library), which sends/receives system notifications.

A mechanism of Syslog operation is simple: resources create simple text notifications about events that take place in them and transfer them to a Syslog server to be processed, using one of the network protocols IP (UDP or TCP). Notifications about events are formed and transferred according to certain rules, named a Syslog protocol.

Similarly, Syslog in NetPing devices is used to collect, store and view the information. Eventually, using Syslog makes viewing events on NetPing devices simpler, particularly when there are several devices in a local network.

List of the Most Popular Syslog Servers for Windows OS

Name
License
Official web site
Syslog Watcher
Freeware
http://www.snmpsoft.com/syslogwatcher/syslog-server.html
Syslog Server Free Tool
Freeware
http://community.whatsupgold.com/freetools/syslog
Aonawire Syslog Daemon
Freeware
http://www.aonaware.com/syslog.htm
Datagram SyslogServer Trial Edition
Freeware
http://www.syslogserver.com/download.html
Kiwi Syslog Server Free Edition
Freeware
http://www.kiwisyslog.com/free-vs-paid-edition.aspx

List of the Most Popular Syslog Servers for Linux/Unix OS

Name
License
Official web site
Syslog-ng
Freeware
https://www.balabit.com/network-security/syslog-ng/opensource-logging-system
Rsyslogd
Freeware
http://www.rsyslog.com/

Example of Syslog Watcher Working with NetPing Devices

To install and configure a Syslog server Syslog Watcher, there is a need to download a distribution program from the official website «SnmpSoft Company». 

Installation of the Syslog server is standard in Windows OS:

1. Run the file «SyslogWatcherSetup-X.X.X-win32.msi» to start installation;

2. Agree to a license agreement and choose a type of server installation:

Agree to a license agreement and choose a type of server installation

3. Choose a path to install this Syslog server:

Choose a path to install this Syslog server

4. Allow adding a rule for all incoming connections for Syslog Watcher in Windows Firewall:

Allow adding a rule for all incoming connections for Syslog Watcher in Windows Firewall

5. Afterward, there is a need to wait for Syslog Watcher to be installed successfully, which will end with the information inscription «Installation Complete»:

Syslog Server Free Tool to be installed

After Syslog Watcher server is installed, there is a need to run it and choose an operation mode «Manage Local Syslog Server»:

Manage Local Syslog Server

The last step of a main configuration of Syslog Watcher is starting a service «Syslog Watcher Service» using the button «Start Server» in the upper menu of a program window:

Start Syslog Watcher

To enable NetPing devices to send informational notifications about their work to a Syslog server, there is a need to specify IP address of a Syslog server at the page «Setup» of a device web interface. Save the settings by clicking the button «Save changes»:

To enable NetPing devices to send informational notifications about their work to a Syslog server

Enable corresponding notifications from sensors and IO lines for sending to a Syslog server:

Enable corresponding notifications from sensors and IO lines for sending to a Syslog server

As a result of the configuration described above, information notifications from NetPing devices will be sent to Syslog Watcher:

Syslog Watcher

If NetPing devices use Russian-language firmware, there is a need to change coding to 1251 (ANSI - Cyrillic) in Syslog Watcher to see Russian-language notifications of a system log correctly.

Coding is changed in the settings of the program: Settings > Server:Processing > Force codepage.

Coding is changed in the settings of Syslog Watcher

Example of Work of Syslog Server Free Tool with NetPing Devices

To install and configure a Syslog server Syslog Server Free Tool, there is a need to download a distribution program from the official web site «WUGspace». 

Installation of this Syslog server in Windows OS is standard:

1. Run the file «Ipswitch Syslog Server vX.X.X.X.exe» to start installation;

2. Agree with a license agreement and select a path for a server installation:

Agree with a license agreement and select a path for a server installation

3. Click «Install» and wait for Syslog Server Free Tool to be installed successfully:

Syslog Server Free Tool to be installed successfully

After a Syslog Server Free Tool is installed, there is a need to run it and click «Start» in the window of a program:

 Start in the window of a program

The installation process of NetPing devices for sending notifications to a Syslog server from sensors and IO lines is described above, in the section «Example of Work of Syslog Server Free Tool with NetPing Devices».

After Syslog Server Free Tool and NetPing devices are successfully configured, they will send the following informational notifications:

Syslog Server Free Tool

It is recommended to use an English-language firmware version for NetPing devices to work with Syslog Server Free Tool.

Example of Rsyslog Work with NetPing Devices

Installation and configuration of  Rsyslog server at the OS CentOS 6 will be considered in this example.

Installation is performed according to the following steps:

1. Check the installed package and a Rsyslog version on a server. This checkup can be performed by two commands:

rpm -qa|grep rsyslog

or

rsyslogd -v

Check the installed package and a Rsyslog version on a server

2. If a version of a package is outdated, it is recommended to update Rsyslog on a server to the latest stable version (when this article was being written, the latest Rsyslog version is 8.9.0). RPM repository is used to update Rsyslog. There is a need to download a file «rsyslogall.repo» via the link http://rpms.adiscon.com to use it.

There is a need to download rsyslogall.repo

3. Afterward, there is a need to put the file into a correct directory:

/etc/yum.repos.d/

4. Then, install Rsyslog using a command:

yum install rsyslog

If all previous steps were completed successfully, an installation utility will connect to RPM repository and check availability of packages of a new Rsyslog version.

If all previous steps were completed successfully, an installation utility will connect to RPM repository and check availability of packages of a new Rsyslog version

If there are updates available for your system, then the system will prompt to download them and update corresponding packages. The installation of new packages is completed with the inscription «Complete!»:

The installation of new packages is completed with the inscription Complete!

After a successful installation, there is a need to configure Rsyslog. To do that, there is a need to edit a configuration file /etc/rsyslog.conf.

1. Before editing, the first step is to create a backup copy of the original file:

cp -pv /etc/rsyslog.conf /etc/rsyslog.conf.orig

2. Open a configuration file for editing:

vi /etc/rsyslog.conf

In the area of settings «MODULES» there is a need to uncomment the next rows (delete a character «#» before a row starts)):

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernal logging support (previously done by rklogd)

3. Enable listening to UDP and TCP ports 514:

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514 

4. Add the next rows to the end of the file /etc/rsyslog.conf:

$template TmplAuth, "/var/log/rsyslog_custom/%HOSTNAME%/%PROGRAMNAME%.log" 
$template TmplMsg, "/var/log/rsyslog_custom/%HOSTNAME%/%PROGRAMNAME%.log" 
authpriv.* ?TmplAuth 
*.info,mail.none,authpriv.none,cron.none ?TmplMsg

After making all necessary changes, there is a need to quit an editing mode by clicking the button «Esc» and save a configuration file using the command «:wq».

5. The last step of Rsyslog server configuration is adding «SYSLOGD_OPTIONS» into the file /etc/sysconfig/rsyslog without parameters:

SYSLOGD_OPTIONS=""

[root@localhost ~]# cat /etc/sysconfig/rsyslog 
# Options for rsyslogd 
# Syslogd options are deprecated since rsyslog v3. 
# If you want to use them, switch to compatibility mode 2 by "-c 2" 
# See rsyslogd(8) for more details 
SYSLOGD_OPTIONS=""

6. After all settings are configured, there is a need to restart Rsyslog server using a command:

/etc/init.d/rsyslog restart

Otherwise a service can be stopped:

/etc/init.d/rsyslog stop

And started again:

/etc/init.d/rsyslog start

A configuration of NetPing devices for sending notifications to a Syslog server from sensors and IO lines is described above in the section «Example of work of Syslog Watcher with NetPing devices».

Now there is a need to turn on the mode of viewing logs to analyze logs from NetPing devices on Rsyslog server using a command:

tail -f /var/log/messages

The result of running the Rsyslog server with NetPing devices

It is recommended to use English-language firmware of NetPing devices for Rsyslog to work with NetPing devices.


Tags: All devices
comments powered by Disqus