Configuring Syslog Startup and Forwarding

Forwarding Syslog Messages

The discovered resources must be configured to forward the syslog messages to the server to enable syslog monitoring.

In OpManager,

  1. The system (Linux/Solaris/routers) forwards the syslog messages to the server.
  2. The server listens on a UDP port (514 by default) for these messages.

In this topic, we have provided examples to forward syslog messages from a Linux device and a router to the OpManager server.

Example: Forwarding Syslog Messages From Linux Device

Following is an example explaining how to configure a Linux device to forward syslog messages to the OpManager server.

  1. Log on to the Linux device (whose messages you want to forward to the server) as a super user.
  2. Enter the command vi /etc/syslog.conf to open the configuration file syslog.conf.
  3. Enter *.*, press the Tab key, and then enter @ followed by the name of the host machine where the server is running.
    For example, *.* @test
  4. Restart the syslog service using the command /etc/rc.d/init.d/syslog restart.
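
A check for steps 3 and 4 above, as an added example that is not part of the OpManager documentation: it finds the active @host forwarding rules in syslog.conf text, records whether each one uses the Tab separator from step 3, and builds a test datagram for the server's UDP port. The sample file contents, the function names and the probe tag are constructed for illustration.

```python
import re
import socket

# Constructed sample of /etc/syslog.conf; "test" is the host name used on this page.
SAMPLE_CONF = (
    "# local logging\n"
    "authpriv.*\t/var/log/secure\n"
    "*.*\t@test\n"
    "kern.*  @loghost\n"      # separated by spaces, not the Tab the steps call for
    "#*.*\t@disabled\n"       # commented out, so inactive
)

RULE = re.compile(r"^(\S+)([ \t]+)@([^\s@]\S*)$")  # selector, separator, @host


def forwarding_rules(conf_text):
    """Return (selector, host, tab_separated) for each active '@host' rule."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = RULE.match(line)
        if match:
            selector, sep, host = match.groups()
            rules.append((selector, host, "\t" in sep))
    return rules


def forwards_all_to(conf_text, server):
    """True when an active '*.*' rule sends every message to `server`."""
    return any(sel == "*.*" and host == server
               for sel, host, _ in forwarding_rules(conf_text))


def build_probe(tag="fwdcheck", text="syslog forwarding test"):
    """Minimal BSD-style syslog datagram; PRI = facility 1 (user) * 8 + severity 6 (info)."""
    return "<{}>{}: {}".format(1 * 8 + 6, tag, text).encode("ascii")


def send_probe(server, port=514):
    """Send one probe over UDP to the server's syslog port; returns the bytes sent."""
    probe = build_probe()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(probe, (server, port))
    return probe


if __name__ == "__main__":
    for rule in forwarding_rules(SAMPLE_CONF):
        print(rule)
    print("forwards *.* to test:", forwards_all_to(SAMPLE_CONF, "test"))
```

send_probe talks to the server directly, so it confirms the listener and the network path; the rule check confirms what the local syslog daemon has been told to forward.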

Note:

If the OpManager server is running in a Linux device, you need to make the following configuration in the server to receive the forwarded messages.

  1. On Linux devices, the syslog daemon occupies port 514 by default. This port must be freed on the machine where the OpManager server is running, so that the server can listen for syslog messages on port 514. You can change the port number for the syslog daemon so that port 514 can be used by the server. The steps are explained below.
    1. Log into the Linux device (where the OpManager server is running) as a super user.
    2. Enter the command vi /etc/services to open the file.
    3. In the services file, all the services and their corresponding port numbers are listed. Under the Unix-specific services, the syslog service will be listed, with its port as 514/udp. Ensure that the port number is not occupied by some other service (you can configure a different port if the default port is occupied).
  2. Restart the syslog service using the command /etc/rc.d/init.d/syslog restart.

Example: Forwarding Syslog Messages From Routers

To enable syslog monitoring on a router and redirect the log messages to the syslog server:

  1. Telnet to the router using telnet <router>.
  2. Type the command enable at the prompt to enter 'enable' mode.
  3. You will be prompted to enter the password. Enter the correct password.
  4. Now, type the command config at the prompt.
  5. Choose terminal configuration.
  6. After this, type logging <IP address of the host device where OpManager server is running> at the command prompt. For example, logging 192.168.5.120. This enables forwarding of messages to the OpManager server.

After the above steps are performed, the router logs the syslog messages onto the server at port 514 by default.

Configuring Startup Options

There are a few startup options that you can configure in OpManagerProcessesBE.conf, located in the <Product Home>/conf directory. Configuring these parameters is not mandatory. Default values are used for any parameter you do not specify in the configuration file. See the table given below for details:

Sl.No | Parameter | Description
--- | --- | ---
1 | SYSLOG_SERVER_PORT | The argument for this parameter is the port number at which the server must listen for syslog messages. The default Syslog UDP port is 514. Example entry: SYSLOG_SERVER_PORT 514
2 | LOCAL_SYSLOG_FILE_NAME * | The argument for this parameter is the name of the file in which the syslog messages for the local machine are stored. Example entry: LOCAL_SYSLOG_FILE_NAME /var/log/messages
3 | LOCAL_SYSLOG_MONITOR_INTERVAL * | The argument for this parameter is the time interval in seconds at which Syslog is monitored in the local machine. Example entry: LOCAL_SYSLOG_MONITOR_INTERVAL 300
4 | MONITOR_LOCAL_SYSLOG * | The argument for this parameter can either be true or false. If Syslog is to be monitored for the device where the OpManager server is running, the value is set as true, else it is set as false. Example entry: MONITOR_LOCAL_SYSLOG true
5 | WMI_MONITOR_INTERVAL | This parameter is applicable only for Windows devices. The value for this parameter is the time interval in seconds at which the Windows devices are monitored for syslog events. Example entry: WMI_MONITOR_INTERVAL 300

Configuring OpManagerProcessesBE.conf

* Applicable only to Unix devices.

Enabling Syslog Monitoring For All Windows Devices at Startup

By default, syslog monitoring is not enabled for all the devices. For Windows devices, however, you can configure syslog monitoring before the OpManager server starts up. This configuration is made in OpManagerProcessesBE.conf, located in the <Product Home>/conf directory.

The following three parameters must be passed as arguments to the syslog process:

  • DEFAULT_WMI_MONITOR true : Enables default syslog monitoring for all Windows devices.
  • WMI_USERNAME <user name> : Takes the user name as input.
  • WMI_PASSWORD <password> : Takes the corresponding password as input.

The entry for the same in OpManagerProcessesBE.conf will be as shown below:

#com.adventnet.OpManager.syslog.server.StandaloneSyslogProcess [SYSLOG_SERVER_PORT port] [LOCAL_SYSLOG_FILE_NAME fileName] [LOCAL_SYSLOG_MONITOR_INTERVAL interval] [MONITOR_LOCAL_SYSLOG true/false] [WMI_MONITOR_INTERVAL monitor interval] [DEFAULT_WMI_MONITOR true/false] [WMI_USERNAME username] [WMI_PASSWORD password]
PROCESS com.adventnet.OpManager.syslog.server.StandaloneSyslogProcess
ARGS SYSLOG_SERVER_PORT 514 DEFAULT_WMI_MONITOR true WMI_USERNAME <username> WMI_PASSWORD <password> MONITOR_LOCAL_SYSLOG true

Example:

#com.adventnet.OpManager.syslog.server.StandaloneSyslogProcess [SYSLOG_SERVER_PORT port] [LOCAL_SYSLOG_FILE_NAME fileName] [LOCAL_SYSLOG_MONITOR_INTERVAL interval] [MONITOR_LOCAL_SYSLOG true/false] [WMI_MONITOR_INTERVAL monitor interval] [DEFAULT_WMI_MONITOR true/false] [WMI_USERNAME username] [WMI_PASSWORD password]
PROCESS com.adventnet.OpManager.syslog.server.StandaloneSyslogProcess
ARGS SYSLOG_SERVER_PORT 514 DEFAULT_WMI_MONITOR true WMI_USERNAME administrator WMI_PASSWORD admin MONITOR_LOCAL_SYSLOG true
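
Because WMI_PASSWORD is written into OpManagerProcessesBE.conf as an argument, the following added example (not part of the OpManager documentation) reads the syslog process entry and reports two conditions: DEFAULT_WMI_MONITOR set to true without both credentials, and a password-bearing file whose mode lets users other than the owner read it. It assumes the server runs on Linux or Unix and that PROCESS and ARGS sit on consecutive lines; the function names and the sample credentials are constructed for illustration.

```python
import os
import stat

PROCESS_CLASS = "com.adventnet.OpManager.syslog.server.StandaloneSyslogProcess"

# Constructed entry in the layout shown above; the credentials are placeholders.
SAMPLE_CONF = (
    "#" + PROCESS_CLASS + " [SYSLOG_SERVER_PORT port] [WMI_PASSWORD password]\n"
    "PROCESS " + PROCESS_CLASS + "\n"
    "ARGS SYSLOG_SERVER_PORT 514 DEFAULT_WMI_MONITOR true "
    "WMI_USERNAME svc_monitor WMI_PASSWORD EXAMPLE-ONLY MONITOR_LOCAL_SYSLOG true\n"
)


def syslog_process_args(conf_text):
    """Return the ARGS name/value pairs of the syslog process entry as a dict."""
    lines = [ln.strip() for ln in conf_text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    for i, line in enumerate(lines[:-1]):
        if line.split() == ["PROCESS", PROCESS_CLASS]:
            tokens = lines[i + 1].split()
            if tokens[:1] == ["ARGS"]:
                # tokens[1::2] are parameter names, tokens[2::2] their values
                return dict(zip(tokens[1::2], tokens[2::2]))
    return {}


def audit_conf(path):
    """List findings for the syslog entry in the conf file at `path`."""
    with open(path) as handle:
        args = syslog_process_args(handle.read())
    findings = []
    if args.get("DEFAULT_WMI_MONITOR") == "true":
        for name in ("WMI_USERNAME", "WMI_PASSWORD"):
            if name not in args:
                findings.append("DEFAULT_WMI_MONITOR is true but %s is missing" % name)
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if "WMI_PASSWORD" in args and mode & 0o077:
        findings.append("WMI_PASSWORD is in a file with mode %03o; "
                        "restrict it to the owner (0600)" % mode)
    return findings
```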