Summary
The Security Management System (SMS) server gathers syslog events from monitored devices, which in turn log information about a variety of conditions and operational state changes. You can configure the SMS server to send a copy of these events to other systems. In the Remote Syslog for Events area, you can define remote servers to which you want syslog events to be sent. You can also edit remote server information as well as delete a remote server. To control the number of SMS events that are sent to a remote syslog server, SMS allows you to use a filter to direct a subset of the SMS events to a remote syslog server. Additionally, when you initially configure a connection to a remote syslog server you can choose to only send future events, excluding what could be a sizeable number of historical events.
Details
Setting | Description |
Syslog Server | Hostname or IP address of the remote syslog server |
Protocol | Transport protocol used in sending event notifications to the remote syslog server. Valid options are UDP, TCP, and Encrypted TCP. Note: When URI information that includes URI strings is sent using the UDP protocol, data loss can result. For best results in logging URI string information, use either the TCP or Encrypted TCP protocol. |
Port | Port on the remote syslog server used for communicating syslog events. |
Log Type | Syslog format the SMS uses when sending event notifications to the remote syslog server. The format varies depending on the version of the SMS and the event itself. The format is important because the receiving server must know how to interpret the data. The SMS provides the following syslog format options:
|
Event Query | Determines whether the SMS sends all events or a select set of events to the remote syslog server. |
Facility | Limits the events sent to the remote syslog server to a specific facility level. Facilities are defined by the BSD Syslog Protocol. Refer to RFC 3164. |
Severity | Limits the events sent to the remote syslog server to events that match the specified severity. |
Delimiter | Determines the character the SMS uses as a delimiter for event data in the syslog. Options include tab, comma, semi-colon, pipe, or space. |
Timestamp | Determines the timestamp the SMS includes in headers in messages sent to the remote syslog:
|
Procedure:
- Log in to the SMS from a client.
- On the SMS toolbar, navigate to the Admin > Server Properties tab.
- Select the Management tab.
- In the Remote Syslog for Events area, click Add. The Edit Syslog Notification Settings dialog box displays.
- Enter the required information:
  - Enable: enable the Syslog format.
  - Syslog Server: enter the IP address of the remote Syslog Server.
  - Protocol: UDP, TCP, Encrypted TCP.
  - Certificate: if Encrypted TCP is selected.
  - Port: enter the listening Port number for the above server.
  - Log Type: from the drop-down menu, select a log type format.
  - Event Query: from the drop-down menu, select an Event Query.
  - Facility: from the drop-down menu, select a Facility.
  - Severity: from the drop-down menu, select a Severity.
  - Delimiter: from the drop-down menu, select a Delimiter.
- Optionally, select the desired header information.
- Click OK.
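
A receiver-side check for the settings above, added here as an example and not taken from the SMS product: it decodes the RFC 3164 PRI value (facility * 8 + severity), splits the line on the configured delimiter, and flags UDP datagrams that reach the RFC 3164 1024-byte packet limit. It assumes the configured Facility and Severity are carried in each message's PRI; the function names and sample lines are constructed, and the field layout of the selected Log Type is not decoded.

```python
import re

# Conventional short names for the RFC 3164 facility and severity codes.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
# Delimiter choices offered in the SMS dialog.
DELIMITERS = {"tab": "\t", "comma": ",", "semi-colon": ";", "pipe": "|", "space": " "}
MAX_LEN = 1024  # RFC 3164 limit on total packet length, in bytes


def parse_event(raw, delimiter):
    """Decode the PRI and split the rest of the line on the configured delimiter."""
    text = raw.decode("utf-8", errors="replace").rstrip("\r\n")
    m = re.match(r"<(\d{1,3})>(.*)", text, re.S)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        raise ValueError("missing or invalid PRI")
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "fields": m.group(2).split(DELIMITERS[delimiter]), "length": len(raw)}


def check_event(raw, delimiter, facility, severity, transport="udp"):
    """Return a list of mismatches between a received line and the SMS settings."""
    ev = parse_event(raw, delimiter)
    problems = []
    if ev["facility"] != facility:
        problems.append(f"facility {ev['facility']} != configured {facility}")
    if ev["severity"] != severity:
        problems.append(f"severity {ev['severity']} != configured {severity}")
    if len(ev["fields"]) < 2:
        problems.append("delimiter not found; check the Delimiter setting")
    # Heuristic (assumption): a UDP datagram at the size limit may have been cut.
    if transport == "udp" and ev["length"] >= MAX_LEN:
        problems.append("datagram at RFC 3164 size limit; payload may be truncated")
    return problems


# Constructed sample lines (not real SMS output): PRI 166 = local4 (20) * 8 + info (6).
SAMPLE_OK = b"<166>field-a|field-b|/index.html?q=1\n"
SAMPLE_LONG = b"<166>field-a|field-b|/" + b"a" * 1100

if __name__ == "__main__":
    print(check_event(SAMPLE_OK, "pipe", "local4", "info"))
    print(check_event(SAMPLE_LONG, "pipe", "local4", "info"))
```

An empty list means the line matches the configured Facility, Severity and Delimiter; a truncation warning on URI-heavy events is the cue to move the connection to TCP or Encrypted TCP.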