Syslog Monitoring
Monitor and Control Incoming Syslogs with FrameFlow
About Syslog Monitoring

Syslog is a protocol used by Linux-based systems and various types of networking gear. Syslog messaging works in a fashion that is similar to SNMP traps in that you configure your syslog devices to send messages to a central server which decides how to handle them. For example, your Cisco switch can be configured to send syslog messages when link status changes for any port or to send messages when console logins fail.

Examples of Cisco Syslog Messages

Syslog Event Monitor Settings

First, determine whether or not you want a list of all new syslogs in each notification. If you do, you can also choose how many new syslogs will be displayed in the event text generated by each event monitor run.

Syslog List Settings

Syslog messages start with a code that indicates the priority and the facility (type) of the message. The next option converts that numeric code into priority and facility text values that are easier to read.

Syslog Code Conversion Option
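To show what that conversion involves, here is an added example (not FrameFlow's own code) that decodes the leading `<PRI>` value as defined in RFC 5424, where PRI = facility × 8 + severity. The sample messages are constructed, and the `facility.severity` output format and function names are assumptions made for illustration.

```python
import re

# Conventional names for the RFC 5424 numeric codes, indexed by code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<([0-9]{1,3})>")
MAX_PRI = 23 * 8 + 7  # 191: highest facility with lowest-priority severity


def decode_pri(message):
    """Return (facility, severity, rest), or None if the PRI is missing or invalid."""
    m = PRI_RE.match(message)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > MAX_PRI:
        return None  # out-of-range code: treat as malformed, do not guess
    facility, severity = divmod(pri, 8)
    return FACILITIES[facility], SEVERITIES[severity], message[m.end():]


def to_text(message):
    """Replace the numeric code with readable text; leave malformed input untouched."""
    decoded = decode_pri(message)
    if decoded is None:
        return message
    facility, severity, rest = decoded
    return f"{facility}.{severity} {rest}"


# Constructed sample input (not captured from a real device).
SAMPLES = [
    "<187>%LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<188>%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin]",
    "<34>su: 'su root' failed for lonvick on /dev/pts/8",
    "<999>out-of-range code",
    "message with no code at all",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(to_text(line))
```

Messages with a missing or out-of-range code are passed through unchanged, so a malformed sender cannot be mislabelled with a facility or severity it never claimed.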

Below that option, there's another option called "Syslog Checks". Under "Comparison", select the comparison type you want to use for your syslog check. Then, enter the text value that will be used to compare with incoming syslog messages. The values you input here are case sensitive. Finally, choose the level of alert that FrameFlow will generate if the conditions of the table are met. You can also use regular expressions here! Note that you can add as many rows as you want to this table by using the "Add New Entry" button at the bottom of the table.

Filter Settings

It's likely that your organization receives a lot of syslog messages each day, so to avoid any impact on FrameFlow's performance we've implemented higher-level filtering options for syslog messages. Go to Settings > Syslog Filtering Settings to find them. Here, you can specify one or more filters that will be applied to incoming syslogs. Syslogs matching any filter will be rejected and won't be processed by any event monitor in your configuration. The source field can use a wildcard character to broaden the filter you're applying.

Syslog Filter Settings

Summary

This tutorial taught you a bit about the Syslog protocol and how to monitor it using FrameFlow's IT monitoring software! Refer to this Technical Resources page for more information on Syslog monitoring with FrameFlow. Keep an eye out for new tutorials coming to the Features page soon!
