Configuring Syslog Settings
  • 18 Apr 2024
  • 1 Minute to read
  • Dark
    Light
  • PDF

Configuring Syslog Settings

  • Dark
    Light
  • PDF

Article summary

To configure Syslog settings:

  1. From the top right corner of any page, click image.png. The System Settings page opens.
  2. In the Categories/Subcategories pane of the System Settings page, expand External Integrations, and select Syslog.
  • Use Syslog (required, default: switched off) - Toggle on to use a Syslog server.
  • Syslog gateway - Select the gateway to use for the Syslog Server

When you select Use Syslog, define the Syslog host name, Protocol, and Port (optional). You can configure an SSL connection and upload certificates as required.

  • Extra headers around message (JSON format) (optional, default: empty) - Use this setting to add a JSON formatted string that can be added to the HTTPS Log JSON thus enabling efficient integration with tools that accept input of JSON. The input should appear as follows:

     {"index": 12345, "sourcetype": "_json"}
    
  • Use RFP5424 Compliant messages format (optional, default: false) - Select this option to send all Syslog log messages using the RFC 5424 protocol.

You can configure more than one Syslog server.

  • Click AddIcon.png to add an additional syslog server; another Syslog Instance section opens.
  • Make sure you fill in all the parameters correctly.
  • Click DeletIcon to remove a Syslog server.

Syslog Settings must be switched on to use the Send to Syslog Server action.

When Syslog Settings is active, all log entries shown in the Activity Logs module are sent to the configured Syslog server. Examples of events sent include:

  • Login
    • Sent on success or failure of each login attempt.
    • Entries include the supplied user name and the result.
  • Discovery cycle phase
    Sent at the beginning and end of each discovery cycle phase.
  • Adapter connection failures
    • Sent when an adapter connection fails to connect using the supplied configuration.
    • Entries include the adapter name, ID of the node running the adapter, and connection error.
  • Adapter connection asset cleanup
    • Sent when an adapter decides to remove assets due to the configuration defined in Advanced Settings.
    • Entries include the number of assets removed.
    • To learn more, see: Adapter Advanced Settings.

In addition, low disk space notifications are also sent to the configured Syslog server.



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.