FreeBSD Unix Log Source - How to add

FreeBSD Unix Log Sources

Before adding FreeBSD hosts as Unix log sources, ensure that the syslog daemon on each of those hosts is configured to forward its logs.


Import Log Files


  1. Select the host type as UNIX. Optionally, use the + icon to create a new host type for your host.

  2. Enter the host name(s), separating multiple host names with commas. Tip: you can also copy comma-separated host names from a text file and paste them into this field.

  3. Select the host group. For the UNIX host type, UNIX Group is the default selection. Optionally, use the + icon to create a new host group for the configured host(s).

  4. Enter the Syslog Listener Port through which the UNIX host(s) will send syslog data.

  5. Click the Save button to add the host(s).

  6. Use the Save & Add More button to add more hosts.


Note:
On Linux hosts, ensure that the syslog daemon is running, and verify the port number that you will configure in EventLog Analyzer.

UNIX hosts that send syslog data to EventLog Analyzer on either of the default syslog ports (513 and 514) need not be added manually as UNIX hosts; they are added to the list of hosts automatically.

Troubleshooting: UNIX hosts/devices not automatically added to the list of hosts

If the devices are not added to the Hosts list, follow the troubleshooting procedure below.

  • Check connectivity between the EventLog Analyzer server and the UNIX/Linux host or device. Use the 'ping' command to verify that the UNIX/Linux machine is reachable from the EventLog Analyzer server and vice versa.

  • Log on to the EventLog Analyzer user interface, click Show Listener Port(s) Details, and check that ports 513 and 514 are up and being listened on.

  • If a default port is down, meaning it is occupied by another application, either forward the syslog to any other free port and add that port in EventLog Analyzer, or free the port by stopping the application that uses it.

  • Check whether the UNIX/Linux machines are forwarding packets to the default UDP ports 513 and 514, or to the custom configured port.

  • If the machine is still not added, check whether a firewall (such as Windows Firewall or another service) is blocking the port. If so, unblock the port.

  • If the issue persists, use a packet capture tool such as Wireshark (formerly Ethereal) to confirm that syslog messages are being forwarded from the UNIX/Linux machine.
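The listener-port and forwarding checks above, as an added Python example that is not EventLog Analyzer's own code or tooling: `udp_port_in_use` is run on the analyzer server to see whether a UDP port such as 513 or 514 is already held by some process, `send_test_syslog` is run on the UNIX host to emit one test datagram, and `open_listener` with `receive_one` proves that datagrams actually arrive. Host names, ports, the `elacheck` tag and the message text are placeholders of this example; run with port 0 on 127.0.0.1 to self-test without any network.

```python
# Added example (not EventLog Analyzer's own code); host/port values are placeholders.
import errno
import re
import socket

FACILITY = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5, "local0": 16}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4, "notice": 5, "info": 6, "debug": 7}

def syslog_pri(facility, severity):
    """BSD syslog (RFC 3164) PRI value: facility * 8 + severity."""
    return FACILITY[facility] * 8 + SEVERITY[severity]

def udp_port_in_use(port, host="0.0.0.0"):
    """Analyzer server side: True if a process already owns host:port/udp (513/514 should be
    the analyzer's listener), False if the port is free. Other bind errors (e.g. privilege) propagate."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        probe.bind((host, port))
        return False
    except OSError as e:
        if e.errno in (errno.EADDRINUSE, getattr(errno, "WSAEADDRINUSE", None)):
            return True
        raise
    finally:
        probe.close()

def open_listener(host, port):
    """Throw-away UDP listener (port 0 = any free port); on the server use it only while the analyzer is stopped."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    return sock

def send_test_syslog(host, port, facility="local0", severity="info", text="forwarding check"):
    """UNIX host side: send one RFC 3164-style datagram, as `logger -n <host>` would."""
    payload = f"<{syslog_pri(facility, severity)}>elacheck: {text}".encode()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (host, port))

def receive_one(sock, timeout=2.0):
    """Wait for one datagram; return facility/severity/body, or None on timeout or non-syslog data."""
    sock.settimeout(timeout)
    try:
        data, _ = sock.recvfrom(2048)
    except socket.timeout:
        return None
    m = re.match(r"^<(\d{1,3})>(.*)$", data.decode("utf-8", "replace"), re.S)
    if not m:
        return None
    pri = int(m.group(1))
    return {"facility": pri // 8, "severity": pri % 8, "body": m.group(2)}
```

If `udp_port_in_use(514)` returns False while the analyzer is running, its listener is not bound; if the loopback round trip works but a datagram from the UNIX host never arrives, the fault is in the network path or a firewall.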