Syslog Daemon

EventSentry can emulate a Unix / Linux Syslog server which enables it to receive Syslog messages from remote Syslog-enabled hosts and devices. The Syslog daemon supports both UDP and TCP connections and you can either log incoming Syslog messages to the application event log or store them in a database.

To activate the Syslog daemon, either check the Enable Syslog UDP or the Enable Syslog TCP check box on the "General" tab and configure either the database or event log feature.

Syslog Daemons

You can configure the Syslog daemon to accept UDP and TCP connections from remote Syslog-capable devices. To activate either protocol, check the appropriate check box. The default port for the Syslog protocol is 514, but you can change the port for both UDP and TCP connections by changing the number.

Threshold Settings

To limit the number of Syslog messages that are processed by the Syslog daemon, change the maximum number of messages and the applicable time period. The Syslog daemon will drop incoming packets if the count exceeds the number specified in Maximum number of allowed messages for the configured Time Period.

Authorized IP Addresses / Networks

For enhanced security, you will have to specify from which hosts the Syslog daemon will accept packets. Please note that host names are not allowed in the list; you can only specify IP addresses.

You can enter IP addresses with or without specifying the subnet bits. For example, if you only want to add two servers with the IP addresses 184.23.22.11 and 184.23.22.43, simply add those two IP addresses to the list.

If you want to allow a whole subnet, for example the IP addresses 184.23.22.1 - 184.23.22.254, then you will have to add 184.23.22.0/24. If you only want to allow the range 184.23.22.128 - 184.23.22.254 then you can specify 184.23.22.128/25.
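
The two admission checks described above, the authorized-address list and the message threshold, modelled as an added Python example; this is not EventSentry code and not from the page. The sliding time window and the lenient handling of network entries with host bits set are assumptions about behaviour the page does not specify.

```python
import ipaddress
from collections import deque

def parse_allow_list(entries):
    """Convert the 'Authorized IP Addresses / Networks' entries into networks.

    An address without subnet bits (e.g. 184.23.22.11) becomes a single-host
    network; anything that is not an IP address or CIDR network (such as a
    host name) is rejected, since host names are not allowed in the list.
    """
    networks = []
    for entry in entries:
        try:
            # strict=False accepts e.g. 184.23.22.5/24 as 184.23.22.0/24; the
            # page does not say how EventSentry treats host bits (assumption).
            networks.append(ipaddress.ip_network(entry.strip(), strict=False))
        except ValueError:
            raise ValueError(f"not an IP address or network (host names are not allowed): {entry!r}")
    return networks

def is_authorized(source_ip, networks):
    """True if the packet's source address falls inside any listed network."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in networks)

class SyslogAdmission:
    """Decides whether an incoming syslog packet is processed or dropped."""

    def __init__(self, allow_list, max_messages, period_seconds):
        self.networks = parse_allow_list(allow_list)
        self.max_messages = max_messages   # "Maximum number of allowed messages"
        self.period = period_seconds       # "Time Period" in seconds
        self.accepted = deque()            # timestamps counted in the current window

    def accept(self, source_ip, now):
        """Return True if the packet is processed, False if it is dropped."""
        if not is_authorized(source_ip, self.networks):
            return False                   # unauthorized senders never consume quota
        # Sliding window (assumption): forget messages older than one period.
        while self.accepted and now - self.accepted[0] >= self.period:
            self.accepted.popleft()
        if len(self.accepted) >= self.max_messages:
            return False                   # threshold exceeded: drop the packet
        self.accepted.append(now)
        return True
```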

Compatibility

The EventSentry Syslog daemon should work well with every Unix Syslog daemon (any Linux, Solaris, OSX, ...) and with network devices that support the syslog protocol (e.g. Cisco routers and switches). It has been successfully tested with a variety of Unix-based operating systems and network devices, including the following:

Linux© (RedHat©, SUSE©, Ubuntu©)
BSD (OpenBSD)
Sun© Solaris 8
Apple© OSX 10.3 and higher
APC devices
Various Cisco devices

(This does not mean that the syslog daemon only works with the operating systems mentioned above, but we have tested our syslog daemon successfully with the ones mentioned above.)