Syslog
Introduction
The Syslog O11ySource is a component that collects logs from different parts of the system.
Getting Started
Compatibility
The Syslog O11ySource is compatible with all system logs and network device logs.
Data Collection Method
vuSmartMaps collects system data and network device data for the Syslog O11ySource using an internal agent. The agent gathers data based on the configuration specified at the source. The data can be received over either UDP or TCP, depending on the source system configuration.
Prerequisites
Inputs for Configuring Data Source
- Host: The IP Address/FQDN of the Syslog server. This field is the key to identify each server you add here.
- Transport Protocol: Specify the transport protocol to be used for receiving the data: TCP or UDP.
- Port: Provide the port details.
Firewall Requirement
To collect data from this O11ySource, ensure the following ports are opened:
Source IP | Destination IP | Destination Port | Protocol | Direction |
---|---|---|---|---|
vuSmartMaps IP | IP address of Syslog server(s) | 514* (UDP), 6514* (TCP) | UDP/TCP | Outbound |
*Before providing the firewall requirements, please update the port based on the customer environment.
Configuring the Target
Users must configure their system to send Syslog data to a UDP/TCP port on their system, which will then forward the logs to the vuSmartMaps Data Collector End Point via TCP.
Configuration Steps
- Enable the Syslog O11ySource.
- Select the sources tab and press the + button to add a new instance that has to be monitored.
- Provide the required configurations:
  - *Host
  - *Transport Protocol
  - *Port
- Click Save to close the data source window.
Metrics Collected
Name | Description | Data Type |
---|---|---|
Timestamp | Time at which the metric set was collected | DateTime |
Facility Code | Used to categorize log messages based on their sources or purposes | UInt16 |
Message | nan | String |
ProcID | Provides the process name or process ID associated with a syslog system | String |
Severity Code | Codes range from 0 to 7, with each level representing a different severity | UInt8 |
AppName | Identifies the name of the application or process that generated the log entry. | String |
Facility | Used to specify the type or source of the log message | String |
Host | Host IP of incoming log | String |
HostName | Host Name of incoming log | String |
Log Severity | Indicates the seriousness or urgency of a log message | LowCardinality(String) |
Message Lower | nan | String |
Log UUID | nan | UUID |
Network Type | nan | String |
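
The following added example (not vuSmartMaps code) shows how several of the fields in the table above relate to a raw syslog line: the priority value at the start of the message encodes both Facility Code and Severity Code as `facility * 8 + severity`. It assumes the sender emits RFC 5424 format; the function name, the short facility and severity names, and the sample line are constructed for illustration.

```python
import re

# Conventional short names; the numeric code is the list index.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[.*?(?<!\\)\])+)(?: (?P<msg>.*))?$",
    re.DOTALL,
)

def _nil(value):
    """Map the RFC 5424 NILVALUE "-" to None."""
    return None if value == "-" else value

def parse_syslog(line):
    """Return fields named as in the table above, or None if the line is malformed."""
    m = RFC5424.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 23 * 8 + 7 is the largest valid priority value
        return None
    facility_code, severity_code = divmod(pri, 8)
    return {
        "Timestamp": _nil(m.group("ts")),
        "Facility Code": facility_code,
        "Facility": FACILITIES[facility_code],
        "Severity Code": severity_code,
        "Log Severity": SEVERITIES[severity_code],
        "HostName": _nil(m.group("host")),
        "AppName": _nil(m.group("app")),
        "ProcID": _nil(m.group("procid")),
        "Message": m.group("msg") or "",
    }

# Constructed sample line (not captured from a real device).
SAMPLE = ("<38>1 2024-01-15T10:22:03Z fw01.example.net sshd 2217 - - "
          "Failed password for invalid user admin from 192.0.2.10")

if __name__ == "__main__":
    print(parse_syslog(SAMPLE))
```

Lines that fail to parse return `None`, which is worth counting on the receiving side: a sender using a different format will otherwise show up only as missing or incorrect field values.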