Prerequisites

The syslog server must be installed in the managed environment.

Add a syslog configuration profile

The Syslog Monitoring Configuration functionality filters syslog messages and generates alerts from them. For example, to stop receiving alerts for mail system messages, the system can be “trained” not to monitor those messages.

  1. Select Setup > Monitoring > Syslog Monitoring Configuration.

  2. Click the Configuration Profiles tab.

  3. Click Create New.

  4. Enter the following information:

    Property: Description
    Partner: (required) The partner scope is prepopulated.
    Client: (required) Client scope. Prepopulated if already selected.
    Management profiles: List of management profiles configured in Resources > Management Profiles.
    Configuration Name: (required) Name of this configuration profile.
    Description: Description of this profile.

  5. Click Next.

  6. Enter the following configuration profile properties:

    Property: Description
    Severity: (required) Message severity level, selected from a drop-down list of RFC 5424 severities.
    Facility: (required) Type of message to monitor, selected from a drop-down list of RFC 5424 facilities.
    Resource Filter 1:
    • IP Filter Range: (required) IP address range of servers to monitor for syslog messages. Enter an asterisk (*) to receive messages from all devices, although this is not recommended because of the heavy traffic load it imposes on the gateway.
    • Rule Name: Previously defined rule, selected from a drop-down list. The Action and Tag columns are populated from the rule properties.
    Click the + symbol to add another previously defined rule to the profile. Rules are executed in the order in which they occur in the profile.
    Click the delete icon to delete a rule.

  7. (optional) To define a new rule and add it to the resource filter, click the + New Rule button, enter the rule properties as described in Add a syslog monitoring rule, and click Save.

  8. Click Save to apply the profile configuration and list the defined configurations:

    [Figure: Syslog Profile List]

  9. Click + Add to define another profile.

Add a syslog monitoring rule

  1. Select Setup > Monitoring > Syslog Monitoring Configuration.

  2. Click the Rules tab.

  3. Click Create New.

  4. Enter the following information:

    Property: Description
    Scope: (required) Scope to which the rule is applied:
    • Partner Rule: Applies to the partner.
    • Client-specific Rule: Applies only to the specified client.
    Client: (required) If the Client-specific Rule scope is selected, select the client from the drop-down list.
    Name: (required) Rule name.
    Action: (required) Action to apply to messages that match this rule:
    • INCLUDE: Send matching data in generated alert message.
    • EXCLUDE: Send all but matching data in generated alert message.
    RegEx Pattern: (required) Regex pattern to apply for matching messages. Matching groups can be used as parameters, such as ${1}, in generating alert messages.
    Metric Name: (required) User-defined metric name, which can be specified using regex.
    Component: (required) User-defined component name.
    Alert Subject: (required) User-defined alert subject.
    Alert Description: Alert description.
    Alert Severity: (required) Alert severity level:
    • Critical
    • Warning
    • Info
    • Ok
    Tags: User-defined tag name.

  5. Click Submit.
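
An offline check of a rule's RegEx Pattern and its ${n} placeholders before the values are entered in the form. This is an added example, not part of the original documentation or the product's code. The rule names, patterns, sample messages and the first-match evaluation are constructed assumptions; the PRI decoding follows RFC 5424 and shows which Facility and Severity a message carries.

```python
import re

# Severity and facility names by numeric code (RFC 5424, conventional keywords).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
PRI_RE = re.compile(r"^<(\d{1,3})>")
PLACEHOLDER_RE = re.compile(r"\$\{(\d+)\}")

def decode_pri(message):
    """Return (facility, severity) names from the leading <PRI> value."""
    m = PRI_RE.match(message)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri = int(m.group(1))
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]

def expand(template, match):
    """Replace ${n} with capture group n; absent groups become empty strings."""
    def sub(m):
        n = int(m.group(1))
        return (match.group(n) or "") if n <= match.re.groups else ""
    return PLACEHOLDER_RE.sub(sub, template)

def first_matching_rule(rules, message):
    """Check rules in profile order; return (name, action, subject) or None."""
    for rule in rules:
        m = re.search(rule["pattern"], message)
        if m:
            return rule["name"], rule["action"], expand(rule["subject"], m)
    return None

# Constructed rules and messages, for illustration only.
RULES = [
    {"name": "ssh-auth-fail", "action": "INCLUDE",
     "pattern": r"Failed password for (?:invalid user )?(\S+) from (\d{1,3}(?:\.\d{1,3}){3})",
     "subject": "SSH login failure for ${1} from ${2}"},
    {"name": "mail-noise", "action": "EXCLUDE",
     "pattern": r"postfix/\w+\[\d+\]", "subject": "Mail system message"},
]
SSH_SAMPLE = ("<38>Oct 11 22:14:15 web01 sshd[4721]: Failed password for "
              "invalid user admin from 203.0.113.7 port 52144 ssh2")
MAIL_SAMPLE = "<22>Oct 11 22:14:16 mx01 postfix/smtpd[991]: connect from unknown[198.51.100.4]"

if __name__ == "__main__":
    for msg in (SSH_SAMPLE, MAIL_SAMPLE):
        print(decode_pri(msg), first_matching_rule(RULES, msg))
```
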

View and edit configuration profile

  1. View the defined configuration profiles in the Setup > Monitoring > Syslog Monitoring Configuration > Configuration Profiles tab:

    [Figure: View Configuration Profile]

  2. Click the configuration profile name to see the detailed profile information.

  3. (optional) You can change profile properties as needed. When complete, click Next.

  4. (optional) Change existing rule properties or add new rules as described in Add a syslog monitoring rule.

  5. Click Save.

View rules

  1. View rule details in the Setup > Monitoring > Syslog Monitoring Configuration > Rules tab.

    [Figure: View Rules]

  2. Change existing rule properties or add new rules as described in Add a syslog monitoring rule.

  3. Click Save.

Search profiles and rules

The following Syslog Monitoring Configuration search options are available.

Use the configuration name and rule name to find configuration profiles and rules.

To search for specific criteria, use the Advanced search option.

To search profiles using specific criteria:

  1. Click Advanced.

  2. In ADVANCED SEARCH, enter:

    • Client
    • Configuration Name
  3. Click Search.

The Configuration Profile screen displays search results.

To search rules using specific criteria:

  1. Click Advanced.

  2. In ADVANCED SEARCH, enter the following information:

    • Client
    • Action
    • Tags
  3. Click Search.

The Rules screen displays search results.

Delete profiles and rules

Use the Remove option to delete existing configuration profiles and rules.

To delete a syslog configuration from a single gateway management profile, remove the management profile from the respective syslog configuration.